The drop is always movingYou know that saying about standing on the shoulders of giants? Drupal is standing on a huge pile of midgetsAll content management systems suck, Drupal just happens to suck less.Popular open source software is more secure than unpopular open source software, because insecure software becomes unpopular fast. [That doesn't happen for proprietary software.]Drupal makes sandwiches happen.There is a module for that

Reiterating a good password trick

Submitted by nk on Wed, 2008-02-20 11:34

James said in his recent security article "Also, remembering several (hundreds!) of complicated, strong passwords can be daunting and frequently leads to poor password choices" -- but we learned right here on the Drupal planet from Moshe, there is a good solution to this: SuperGenPass. "SuperGenPass allows you to remember just one password (your “master password”), which is used to generate unique, complex passwords for the Web sites you visit. SuperGenPass is a bookmarklet, so there’s no software to install, and it never stores or transmits your passwords anywhere." There is a mobile version, too. I use it and love it.

Commenting on this Story is closed.

Submitted by on Wed, 2008-02-20 13:30.

And what happens if you have multiple passwords for the same domain? For example, you have 2 Google accounts?
For Linux maybe this tool is the best solution, but for other platforms there are better solutions: Roboform for Win and 1Password for Mac.

Submitted by nk on Wed, 2008-02-20 17:36.

Any solution which saves your passwords is a flawed solution. I could use kwallet for sure but I don't.

Submitted by on Wed, 2008-02-20 19:32.

The mentioned programs although save the passwords, but they encrypt them at the same time. If you want to steal my passwords, you have to know my master password, and you need to steal my files (the stored and encrypted passwords) as well. In practice, this is the same security when you don't store the passwords.

Update: if I have a website, and you register there, then I will know your password. So if I can crack the MD5 algorithm, then I will know your master password, right? So SuperGenPass is as secure as MD5.

But if my program stores my passwords, then it has the same security level as MD5.

So storing passwords is actually safer... Because you not only have to crack the code, but you have to also steal my files. By SuperGenPass I "only" need to crack MD5.

Submitted by nk on Thu, 2008-02-21 18:33.

I can go to and generate the password. This works from any browser, any computer, anywhere.

Submitted by on Wed, 2008-02-20 16:11.

Personally.. I went into paypal and got the keyfob for 5 bux. You can then setup a verisign openid account and attach the paypal keyfob as a credential that must be entered. So far its treated me well.

Submitted by nk on Wed, 2008-02-20 17:37.

I do not think every site, forum etc supports OpenID already.

Submitted by andremolnar@dru... on Wed, 2008-02-20 18:02.

I cannot login with my open ID at drupal4hu. :(

Submitted by on Wed, 2008-02-20 18:39.

I told chx on IRC that I don't use anything like this because I prefer to have my passwords memorized. My reason for that is I use 3 different browsers and multiple computers plus I like to have them if I need to log in from someone else's house. He said that there is a website you can go to with the js to get your password. So maybe I'll give it a try. :)


Submitted by Anonymous on Fri, 2009-09-18 01:16.

In 2007 links of london was named Jewellery Brand of the Year at the 2007 UK Jewellery Awards for the third consecutive year.links of london Bracelet