The golden rule when it comes to securing your online accounts is to never use the same password more than once. Even if you are guilty of breaking this rule for throwaway accounts, you should at the very least never use your most important passwords more than once.
But what if you could use just the one password everywhere, without having to sign up for a password management service or pay subscription fees? That’s exactly what KeyGrinder lets you do, and it’s completely free to use online and via the iPhone app.
If you have trouble remembering passwords but are concerned about storing the keys to your online life, you might want to try it out.
How It Works
KeyGrinder works on a very simple principle, one already widely used to store passwords securely – hashing. In fact, KeyGrinder uses the same technique as the Stanford University project PwdHash, which was designed to create theft-resistant passwords. The idea fuses the convenience of an easy-to-remember password with the security of using very strong, completely unique passwords.
When you use KeyGrinder to generate passwords, it takes your input (e.g. “password”) and the address of the website you are visiting (e.g. “google.com”). It converts your password into a domain-specific hash of both your input and the website you are trying to access, so the password for each and every domain you visit will be entirely unique. Because these passwords are hashes, they’re also a strong combination of upper case, lower case and numbers and thus are naturally stronger than most memorable passwords.
KeyGrinder is virtually identical to PwdHash, and both services generate the same passwords when given the same input credentials. Because certain websites have entirely different sub-domains for handling separate functions (e.g. mail.google.com and drive.google.com), KeyGrinder uses only the “name.com” part of the domain, which means you won’t have to remember each and every domain and sub-domain you use.
In fact, all of the following domain variations generated the same secure password: “mail.google.com”, “www.google.com”, “m.google.com”, “http://mail.google.com/”, “mail.google.com/d”. Note how the “http://”, the “www.” and anything after the top-level domain (in this case “.com”) are ignored.
The length of each password varies depending on the input password you supply: for “mail.google.com”, using “password” generates GEGW8EGRbW. However, if you use “mypasswordisaverylongpassword” then you’ll get CYbbtuHIZ24PVt0qHwMFXAAAAA. At no point will the generated password exceed 26 characters.
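The scheme described above, as an added example that is not KeyGrinder's or PwdHash's own code: it reduces an address to its “name.com” part and derives a per-site password from the master password and that domain. PBKDF2-HMAC-SHA256, the fixed 20-character length, the function names and the short multi-label suffix list are assumptions made for illustration, so its output will not match the passwords either tool generates.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Constructed, illustrative subset of multi-label public suffixes (assumption);
# a real tool would consult the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def site_domain(address: str) -> str:
    """Reduce a URL or host name to its registrable "name.com" part."""
    address = address.strip().lower()
    if "://" not in address:
        address = "//" + address  # make urlsplit parse the input as a host
    host = (urlsplit(address).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a domain name: {address!r}")
    # "example.co.uk" needs three labels, "google.com" only two.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def site_password(master: str, address: str, length: int = 20) -> str:
    """Derive a per-site password from one master password (hypothetical helper)."""
    domain = site_domain(address)
    # Assumption: PBKDF2-HMAC-SHA256 salted with the domain stands in for the
    # tools' own hash. A slow KDF is chosen because one leaked site password
    # lets an attacker test master-password guesses offline.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), domain.encode(), 200_000)
    return base64.b64encode(raw).decode().rstrip("=")[:length]


if __name__ == "__main__":
    for addr in ("mail.google.com", "http://mail.google.com/", "example.com"):
        print(addr, "->", site_domain(addr), site_password("password", addr))
```

Taking only the last two labels would treat every “co.uk” site as the same domain and hand them all the same password, which is why the suffix check is there.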
From Your iPhone & Browser
Having access to services like KeyGrinder or PwdHash on the web is handy, but when it comes to mobile usage, accessing a website isn’t always the most convenient of operations. For this, there is the official KeyGrinder app, which used to cost $0.99 but now appears to be completely free. It offers identical functionality to the website, but with the convenience of a touch interface.
What’s more, KeyGrinder for iOS will remember the URLs you have used, so you can simply enter your master password and choose from your frequent sites before generating your hash and copying the password to your clipboard. You can then paste the hash into the service you need to log in to.
That’s pretty much it. Keep your online profiles completely safe, all the while using the same single password and your clipboard from a web browser or iOS device. Oh, and one of the best things about using a cryptographic solution like this for recalling passwords is the fact that they won’t be stored anywhere. For PwdHash there are Chrome and Firefox extensions available from the official site, and KeyGrinder’s homepage features a choice of bookmarklets which you can drag into the bookmarks bar.
Download: KeyGrinder for iOS @ AppStore
Remember – no password is infallible, sites get hacked and credentials leaked. If you use the same password in more than one location then you’re already playing with fire, and KeyGrinder might just be the free solution you’ve been looking for. You should still never ever reveal, write down or store your master password in plaintext. If you’re planning on using PwdHash or KeyGrinder, then it’s probably a good idea not to advertise this fact too publicly either.
What do you use to keep your online identities safe? Do you like the idea of KeyGrinder or do you use another service to safely store your keys? Let us know in the comments below.