Most people use a small set of web page passwords in all the sites on which they have to log in. The problem with this is that a password hacker or thief can hack into a lower security site that encrypts your password poorly and get thousands of user names and passwords and try them on higher security sites such as Gmail or Yahoo, eBay or PayPal, or a bank website and gain access to your private information, finances, or worse. This method of stealing passwords is extremely effective, because many people choose to use the same password for many different sites.

What is password hashing?

Password hashing is the act of using a mystery script to create a new password from an old one. This new password, called the hash, is site-dependent, meaning this hashing utility will not generate the same web site password hash for any two sites you visit. It is also virtually impossible for a malicious password cracker to reverse the process and determine the original password based on the hash because the script creates a unique hash password for each site address and original password. It is also impossible to steal a hashed password from one site and use it to log into another site if the hashes are different.

Web password hashers are also known as "password creators", "random password generators", and "password encryptors". This password hashing utility acts as a "password key", but without storing any of your information, further increasing your password security. Whenever you come to this site and enter the same site address and password, this site will return the same secure password hash. Because virtually every site that has significant traffic requires a password, whether the site is secure or not, this type of password protection is essential, and it's difficult to beat.

The purpose of munging or hashing your password is to create a set of theft-resistant passwords that are complex and random. With this utility, you can have a different password for every site you visit. A bot, password cracker, or a person who successfully breaks through another site's security would then only see one password, and would be unable to use that password on any other sites. Your password becomes immune to password cracking. Using this utility will increase the security of your information.

Another way that bots steal passwords is through phishing scams. In a phishing scam, you are directed to a site that looks identical to the site you are trying to visit, and are asked for a user name and password as usual. When you enter your password, the phishing site steals your password. If you use the password hasher with the URL you visit, your password will be generated based on the phishing site URL, not the intended site URL, so your intended site URL password remains safe.

A note on our security: This site hashes and obfuscates your password transparently. We do not store your password anywhere on our server. Everything is done on your computer. We never receive your password nor any information you enter into this password hashing tool. We also never ask for your user name, and you should never trust a password hasher that asks for your user name. We will never know who does and does not visit this site. Our script is completely visible and transparent, and you are welcome to check our script for yourself to see that no information is sent to us.

More importantly, every time you use the password hash generator with the same site address and password, it will create the same complex random password hash, so that if you forget your password or you are on a computer that doesn't have the password hash stored, you can always come back to this website and retrieve your password. Unlike many other password hashers, the site address and password are not case sensitive, and the hasher works on subdomains and subpages as well. That means you don't have to worry about whether the site you used was "Example.com" or "https://go.EXAMPLE.com/passwordhasher/" because these URLs are all on the domain example.com. You can also stop worrying about what letters you capitalized in your password. Passwords like "Password", "password", and "PASSWORD" will all work the same way. This site even works on all the familiar protocols including http, https, ftp, sftp, hftp, and ftps.

Usage note: It is good practice to maintain a copy of your passwords locally. AddressMunger.com will not store your passwords or hashes on our servers. AddressMunger.com will not modify the algorithm that creates the passwords, so it will always generate the same unique password for you whenever you use the same site address and password. However, AddressMunger.com does not store passwords in any way, and we do not take responsibility for recalling, storing, or losing user passwords. Use of this page is free, but by using this page, you agree that all liability for how this site is used by you is yours alone. All password management responsibilities are yours alone.

Bookmark AddressMunger.com

Instructions:

1. Enter the address of the site you need a hashed password for into the box "Site Address"

2. Enter your generic password into the box labeled "Site Password".

3. Press Enter or click Generate Your Password Hash. This is your hashed password.

4. If you ever forget your password or are on a browser that doesn't have your password stored, you can always come back to this page and retrieve your hashed password. If you use the same site address and password, this page will always securely generate the same password hash.

Written by Juan Rodriguez

Juan Rodriguez is a part-time web designer and full time math teacher, and is a Math for America Early Career Fellow. You can contact him here or in the comments below. Over the past eight years, Juan has provided anti-spam and web design tools to over 1000 web-based businesses.

© Copyright Juan Rodriguez, 05-31-2003, All Rights Reserved.
http://www.AddressMunger.com