Let me give some examples here so it’s clear what’s going on. Say you’ve been using the ultra-insecure password “MyPassword” for gmail, paypal, and ebay, but now you want something more secure. Using the method detailed above, you would take the three strings “gmailMyPassword”, “paypalMyPassword” and “ebayMyPassword” and feed them into the generator above to get the three much more secure passwords “f8809f148b90”, “04b1bbe378d3”, and “691b2660c9e2”. You can then save them in a Firefox password manager for everyday use, and if you are at a new computer and need the passwords, you can come back to this page to retrieve them.
Now, this system isn’t perfect. Some sites will require you to have at least one uppercase letter — in that case I recommend changing the first letter in the generated password to uppercase (e.g. 691b2660c9e2 -> 691B2660c9e2). Some sites may require you to not start your password with a numeral, which is stupid, so you shouldn’t be on any of those sites (kidding! … though I don’t know how you would adapt this to that situation — Update: maybe pick a letter to add to the beginning in those situations?) And in case you are worried that this page may not be here forever, don’t worry — there are plenty of other SHA-256 hash generators online; you’ll just have to truncate to the first 12 characters manually.
Notes and updates:
- Out of an overabundance of caution, you may not want to generate passwords in exactly the way I’ve described. Consider forming your strings like MyPasswordgmail, MyPassword@gmail, MyPassword!gmail, MyPasgmailsword, gmail.com-MyPassword, etc.
- Yes, there are other sites that do something similar. But I would be worried that if those sites disappear, you would be left without a way to recover your original passwords. This process is simpler, only relying on the SHA-256 algorithm, which, as mentioned above, is popular and has many implementations.
- I’ve re-posted this on Blogger so that in case I fail to pay for my web hosting, at least this service will remain active so long as I don’t violate Google’s terms of service or anything.
- I’ve added an “advanced” method that does the following: it passes your string through the SHA-256 hash function as before, but then converts that output to a Base64 encoding, removes any ‘+’ or ‘/’ in the result, and gives you the first 12 characters of the output. This will give passwords with more characters, but is not as easily reproduced without this site.
- 7/6/2011 — All right, I’ve added two more modes that rely on the popular MD5 hash, as opposed to SHA-256. I may add more at some point as well.
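
The two SHA-256 modes described above (first 12 hex characters, and the “advanced” Base64 variant), plus the uppercase-letter workaround, written out in Python as an added example; this is not the code behind the generator on this page. It assumes UTF-8 input and that Base64 is applied to the raw digest bytes, which the page does not specify, so the advanced output may differ from the site's; the function names are illustrative.

```python
import base64
import hashlib
import math

LENGTH = 12  # the page truncates every generated password to 12 characters


def basic_password(text: str) -> str:
    """SHA-256 the string and keep the first 12 hex characters."""
    # Assumption: the input is encoded as UTF-8 before hashing.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:LENGTH]


def advanced_password(text: str) -> str:
    """SHA-256, Base64-encode, drop '+' and '/', keep the first 12 characters."""
    # Assumption: Base64 is applied to the raw 32-byte digest, not to its hex
    # form; the page does not say which.
    digest = hashlib.sha256(text.encode("utf-8")).digest()
    encoded = base64.b64encode(digest).decode("ascii")
    return encoded.replace("+", "").replace("/", "")[:LENGTH]


def uppercase_first_letter(password: str) -> str:
    """Uppercase the first letter, e.g. 691b2660c9e2 -> 691B2660c9e2."""
    for i, ch in enumerate(password):
        if ch.isalpha():
            return password[:i] + ch.upper() + password[i + 1:]
    return password  # all digits: nothing to uppercase, caller must adapt


def output_bits(alphabet_size: int, length: int = LENGTH) -> float:
    """Upper bound, in bits, on what a generated password can carry.

    The real strength is also limited by how guessable the input string is,
    because anyone who knows the recipe can hash candidate inputs.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for site in ("gmail", "paypal", "ebay"):
        seed = site + "MyPassword"  # string format from the page's example
        print(site, basic_password(seed), advanced_password(seed))
    # 16 hex symbols vs. 62 letters and digits left after dropping '+' and '/'
    print(output_bits(16), round(output_bits(62), 1))
```
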