61 reviews
  • If you don't want your passwords to be visible at the content providers site this addon is for you.

    Easy, simple, works good.
  • I've been using this plugin since 2007 - and it works perfectly.

    I normally use the enter masterpassword +F2 function as the password visually gets 2 char longer

    For a full review see http://edgecrafting.blogspot.com/2007/08/pwdhash-one-password-to-rule-them-all.html

    Tip for Beta users;

    bypass the security check by adding the preference extensions.checkUpdateSecurity and setting it to false (though not recommended for casual users).

    type about:config in the address bar and press Enter
    1. Right-click -> New -> Boolean
    2. Name: extensions.checkUpdateSecurity
    3. Value: false '

    Restart browser and install plugin
  • It looks like a great tool but copy-paste function does not work (i.e. for gmail.com)
  • This is generally very simple and great add-on but it lacks the feature of form filling because i have to F2 every time i have to acknowledge the new password i type into website form. Excerpt this the general grade for this tool is 5.0!
  • Useful add-on. Only thing I don't like is that it doesn't indicate whether a password hash is being generated or you're just submitting your master password.
  • PwdHash 1.5 is compatible with FF 3.0 RC1 and is available on the Standford website! It is in the review queue for addons.mozilla.com but you can download it directly in the meantime.

    http://crypto.stanford.edu/PwdHash/#download
  • I use pwdhash for 4 email accounts, 3 ISPs, 2 credit cards, 1 credit union, 1 bank, the patent and trademark office, and many e-commerce sites for which I don't want to remember individual passwords. Also I've made it my ie homepage so I can copy-paste into popups that don't accept the @@ prefix. I've only found 1 brokerage and 1 employer that are incompatible in password policy.

    If you download the pwdhash.com webpage to a usb flash memory, you can edit the default site address from example.com to a website which you want to access when you are away from a computer with the add-on.

    This is a perfect solution for the "common password" problem in that it is common for people to reuse the same password for multiple purposes.

    If this were available on my iPhone browser, my life would be even better.
  • There are very few sites this tool cannot be used on (such as those with flash registration forms, sites with multiple domains that use a different one for registration and login, etc.), but you can usually still change the password later and use it even in some cases. I would recommend this tool to anyone, simply because, being an IT guy, I know how foolish some people are with passwords. Using a hash function based on the domain prevents these users from actually using the same foolish password for every site, even if they use the same foolish password for every site. The only thing you really have to take into account is those sites that have restrictions on password length/characters. You have to adjust the password accordingly, but it's pretty simple. I give it a 9 out of 10.
  • Other reviews have mentioned the problem of sites requiring a different syntax for passwords than PwdHash generates, and there are a number of different possible problems here. For some, the generated password is too short or too long, others require special characters in the password that PwdHash doesn't generate (others forbid these characters).

    But I've encountered a couple of other problems as well. For some sites, it just doesn't generate a password, but leaves the master password you type, which gets sent to the site. I now know to type in the confirmation password using the opposite prefix (@@ vs F2) than I used for the original password. If the site says that they don't match, I know that PwdHash didn't work. Often, I can look to see if the number of asterisks changes when I tab out of a password field; if it doesn't, then PwdHash didn't work, and I don't have to submit the form to find that out.

    Another problem I found is on some sites, I was able to successfully create a password,
    but when I went to log in again, PwdHash told me incorrectly that the caps-lock was on after I typed the F2 key and a single character. If I typed @@ and the character, it told me that my password was too short to protect.

    Queries I made about these problems to the authors have been unanswered.
  • It's good to have such a convenient plug-in. I used it quite a bit. The bad part about is that some passwords it generates are either too long or invalid for so called SECURE web sites. The ugly part is these SECURE websites claim it is more secure to restrict usage of longer passwords or restrict usage of to certain characters. NOT!!!

    Oh well. I still love this tool. Hopefully such web sites as www.navyfcu.org, home.americanexpress.com, will consider the benefits of pwdhash and loosen up their password format restrictions.

    Another problem is, for example, www.quicken.com that has a second domain, quicken.intuit.com. This gets a little bit complicated if you do not recall which domain you used when you hashed your password.

    Hopefully, those potholes will be fixed by enhancement of pwdhash to account for such inconsistencies or the web site application developers make their sites compatible with pwdhash.

    Other than that I like pwdhash and feel more secure using it. Hopefully it will get better over time.
  • This is a extremely useful plugin. Just remeber one password, and let this plugin do the magic!