CyberNotes
Free for all Friday




Internet security is a big issue these days, and a variety of measures can help keep your important information and documents safe. There are a lot of security measures out there, like antivirus programs and firewalls, that people are willing to pay money for, yet they overlook one very important security measure… passwords.

There are several lists floating around the Internet of the most commonly used passwords, and all of them are considered highly insecure. Passwords like ‘123456’ or ‘password’ won’t keep your important information safe. There is also a list of common insecure choices, like using your name, a pet’s name, a license plate number, or the name of a child or spouse.

One of the most common ways for someone to get your password is a “dictionary attack.” As the name suggests, a dictionary is used to guess your password. Many password cracking programs come with dictionaries or common word lists for this purpose. Any password that could be looked up in a dictionary is considered insecure and could very easily be figured out.

Another method of gaining access to someone’s password is a brute-force attack, which tries every possible password. Because of that, cracking a password could take a long time, depending on its strength. I came across this website which clearly points out safe and unsafe password examples. Below is a graph which shows how long it would take for your password to be cracked based upon how many different combinations are possible. Most everybody will have a “Class D” computer.

Notice from the graph above that a simple password, containing all lowercase letters and no numbers or other characters, can be cracked with a typical Class D computer in 30 seconds. The most secure password uses a combination of both lower and upper case letters, along with numbers and a symbol, and has at least 8 characters. In this instance, with over 7.2 quadrillion possible combinations, it would take 23 years for your password to be cracked.
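The relationship between character set, length and cracking time described above can be checked with a short script. This is an added example, not taken from the site the article references: the word list, the symbol pool size (chosen so the full alphabet is 96 characters, since 96^8 is about 7.2 quadrillion) and the guess rate (chosen so the 8-character case comes out at 23 years) are all assumptions.

```javascript
// Added example: dictionary check plus worst-case exhaustive-search estimate.
// ASSUMPTIONS: the word list is a tiny constructed sample, the symbol pool size
// is picked so the full alphabet is 96, and the guess rate is picked so the
// 8-character case reproduces the article's 23-year figure.
const COMMON_WORDS = new Set(["123456", "password", "qwerty", "letmein"]);
const GUESSES_PER_SECOND = 10000000n;
const SECONDS_PER_YEAR = 31557600; // 365.25 days
const POOLS = [
  { pattern: /[a-z]/, size: 26n },
  { pattern: /[A-Z]/, size: 26n },
  { pattern: /[0-9]/, size: 10n },
  { pattern: /[^a-zA-Z0-9]/, size: 34n },
];

function assessPassword(password) {
  // A dictionary hit makes the keyspace irrelevant: the word is tried first.
  const inDictionary = COMMON_WORDS.has(password.toLowerCase());
  let alphabet = 0n;
  for (const pool of POOLS) {
    if (pool.pattern.test(password)) alphabet += pool.size;
  }
  // Every string of this length over the character classes actually used.
  const keyspace = alphabet ** BigInt(password.length);
  const seconds = keyspace / GUESSES_PER_SECOND; // BigInt division truncates
  return {
    inDictionary,
    alphabet,
    keyspace,
    seconds,
    years: Number(seconds) / SECONDS_PER_YEAR,
  };
}

// Constructed sample passwords, one per case the article discusses.
for (const sample of ["password", "abcdef", "Tr0ub4d&"]) {
  const r = assessPassword(sample);
  console.log(
    sample,
    r.inDictionary ? "[dictionary word]" : "",
    `alphabet=${r.alphabet} keyspace=${r.keyspace}`,
    `~${r.seconds}s (${r.years.toFixed(1)} years)`
  );
}
```

The estimate is the time to try every combination; a password found in a word list falls long before that, which is why the dictionary flag is reported separately.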

–SuperGenPass–

Armed with all of this information, all you need now is some help creating a secure password. There are a variety of websites and extensions that will help you create secure passwords; however, I’ve come across a bookmarklet called SuperGenPass which does more than just create a secure password for you. SuperGenPass works by having you enter a master password at the site you’re visiting. Using your master password and the domain of the site, it generates what appears to be a “random” password. The trick is that it’s not really “random”; it’s actually your “real” password. Any time you visit the site, all you have to do is enter the master password and it will provide you with the original generated password.

(The image to the right shows what the setup process looks like the first time you create a master password, and the corresponding generated password that would appear every time you visited a certain domain)

Here are step-by-step instructions for using SuperGenPass:

  1. Bookmark the one of the following bookmarklets that corresponds to your browser:
  2. When you’re ready to log into a site, type your master password in the website’s password field. Note: This is your master password, and SuperGenPass will retrieve the text from this field to generate the “real” password. If you don’t enter the master password into the form field, SuperGenPass will prompt you for it.
  3. Select SuperGenPass from your bookmarks.
  4. SuperGenPass uses your master password to generate your “real” password.
  5. Click populate, and your “real” password will be updated in the password field replacing the master password.
  6. The password field turns green, letting you know that you can log in.

The entire process is just two extra clicks and a few extra seconds. The ease of use, along with the extra protection it adds, makes the extra seconds worth it. This page will show you screenshots that will guide you through each of the steps.

Now, you’re probably thinking that this wouldn’t work very well as far as portability goes. To solve that problem, there’s a mobile/backup version available so that you can load it onto a USB drive or portable device and take it with you wherever you go.

Another added benefit that you may not have thought about is phishing protection. Because SuperGenPass generates your password based upon the domain that you’re visiting, if you’re at a phishing site, the password it generates and enters into the password field will be incorrect. This leaves phishing sites unable to gain access to your important information and accounts.
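The two properties described above, that the same master password and domain always give the same site password and that a lookalike domain gives a different one, can be seen in a small sketch. This is an added example and is not SuperGenPass's code or algorithm: it uses PBKDF2 from Node's `crypto` module as a stand-in derivation, and the function names, iteration count, master password and domains are all assumptions made for illustration.

```javascript
// Added example. NOT SuperGenPass's code or its algorithm: a generic
// domain-bound derivation built on PBKDF2-HMAC-SHA256 from Node's crypto module.
const { pbkdf2Sync } = require("crypto");

const DEFAULT_LENGTH = 10; // default length stated in the article
const ITERATIONS = 100000; // assumed work factor for this sketch

// Bind to the host the browser is actually on, never to what the page claims.
// Simplification (assumption): full hostname minus a leading "www.".
function siteKey(pageUrl) {
  return new URL(pageUrl).hostname.toLowerCase().replace(/^www\./, "");
}

function derivePassword(master, pageUrl, length = DEFAULT_LENGTH) {
  if (!master) throw new Error("master password is required");
  if (length < 4 || length > 40) throw new RangeError("length must be 4..40");
  const raw = pbkdf2Sync(master, siteKey(pageUrl), ITERATIONS, 32, "sha256");
  // URL-safe base64 keeps the result typeable; 32 bytes give 43 usable chars.
  const text = raw.toString("base64").replace(/\+/g, "-").replace(/\//g, "_");
  return text.slice(0, length);
}

// Constructed inputs: reserved example domains and a made-up master password.
const MASTER = "correct horse battery staple";
const REAL_SITE = "https://www.example.com/login";
const REAL_SITE_OTHER_PAGE = "https://example.com/account/settings";
const LOOKALIKE = "https://example.com.account-check.test/login";

function demo() {
  return {
    real: derivePassword(MASTER, REAL_SITE),
    realAgain: derivePassword(MASTER, REAL_SITE_OTHER_PAGE),
    lookalike: derivePassword(MASTER, LOOKALIKE),
  };
}

const out = demo();
console.log("real site      :", out.real);
console.log("same site again:", out.realAgain);
console.log("lookalike host :", out.lookalike, "(useless on the real site)");
```

The lookalike host still receives a password, but it is one derived for the wrong domain, so it does not open the account on the real site.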

Lastly, there are a few options for customization that you’ll probably find useful. First, you can change the default length of your password for a little extra security. The default length is 10 characters. Another option is to make this a one-click solution by hardcoding your master password into SuperGenPass.

This entire bookmarklet was developed by Chris Zarate over at labs.zarate.org … props to him for such an awesome, useful tool!

SuperGenPass Information and Bookmarklet