Update to my 5 star review 6 years ago: unfortunately this add-on seems to have been abandoned by its original maintainers, therefore a bug showing up in Firefox 66.0.2 and onwards renders it unusable.
I have created an alternative version: https://addons.mozilla.org/en-US/firefox/addon/pwdhash2/
(on a sidenote: I'm also the author of the pull request for migrating this extension to WebExtension two years ago)
---- original review: ---- I've been using it for years now and it still serves me well! Unobtrusive and simple: just prefix with @@ or F2 and your password will be a hashed one specific for this site. No more worries when a site leaks all of the unsalted passwords.
Thanks to this addon I've stopped using the same password for every site. It works very well on most sites.
I have only two problems with it:
- There's no visual indication that the hashed password is being sent.
- Subdomains like a.com.es and b.com.es generate the same password. These domains are equivalent to .co.uk domains but for Spain. There're more of these kind of subdomains that should be treated like different sites.
in iceweasel 45.0a2 on debian 8 writing even one @ or pressing F2 immediately results in a segmentation fault. I really like this extension, and would like to use it on many platforms, I help to debug if I can...
Hi, I just updated to FF 42 and can't get this addon working anymore... it's really essential for me, so please update this addon as soon as you can. I really wonder why Mozilla specifically disabled it...
I can't recommend this, and I know the Stanford PwdHash library pretty well. This is a poor implementation. One major drawback is that there's no indication of whether or not the @@/F2 key sequence worked or not (it doesn't work on every site). So you're not sure if you're sending a hashed password or not.