Frequently-Asked Questions:

Am I really improving my security or just saving effort?

It depends. It should improve the security of most users by easing the burden of using strong and varied passwords. On the other hand, if you are highly disciplined and aware of security needs you may actually increase your vulnerability by exposing more sites to intrusion if a master key is stolen. Of course the hacker will only be successful if he knows to use this tool to regenerate hash words. If you're reusing passwords already this tool should only help.

What if I need to log in and this tool isn't available?

You can generate a Portable Page to load and run in any browser when this extension is unavailable. You can also use the online tool to generate identical hash words, but it won't know your site tags and settings. See the Portable help page for more information.

The page fits nicely in a Firefox sidebar for extra convenience. It is also completely self-contained, so you can move the one HTML file to other storage devices, including USB keys. page as a single self-contained file and store it on a USB key.

Please be aware that the extra hash word filtering and size options make this tool incompatible with other similar tools, e.g. Hashapass, which may generate different results, depending on which options your are using.

Should I record the generated hash words somewhere?

It's not a bad idea, but if you save a Portable Page as backup you have everything but the master key(s). So it's up to you. An additional locked-up "dead tree" or electronic copy is an extra measure of safety, in case you need to manually enter the hash words someday. You can also use a program like KeePass (highly recommended for Windows users) to save your data in an encrypted file.

Just give a bit of thought to all the scenarios of dying or borrowed computers and broken software. :)

Do I have to remember the options set for each site?

Not normally. The tool remembers it for you. But if you lose the saved data, e.g. by clearing the Firefox password cache, you need to reproduce the default settings and the overrides for individual sites. Hopefully you won't have so many special cases that remembering is a problem.

Where is the data stored?

Everything is stored in the Firefox password cache. It's encrypted and secure. You can use extensions like the Password Exporter to save this cached data for backup or to transfer it to another machine.

How can I change the shortcut key?

Procedure

• Go to about:config using location bar.
• Filter on passhash and look for passhash.optShortcutKeyCode and passhash.optShortcutKeyMods.
• Set passhash.optShortcutKeyCode either to one of the virtual keys using VK_ as a prefix, e.g. VK_F6 or to a displayable key using the actual character, e.g. h or ;.
• Set passhash.optShortcutKeyMods to one or more space-separated key modifiers. accel is a cross-platform modifier which is the Control key on PCs and the Command key on Macs. You can also use alt, control, shift, and combinations.
• Restart Firefox.

Examples

Control-Alt-H

• passhash.optShortcutKeyCode = h
• passhash.optShortcutKeyMods = control alt

Control-; (PC) and Command-; (Mac)

• passhash.optShortcutKeyCode = ;
• passhash.optShortcutKeyMods = accel

Control-F12 (PC) and Command-F12 (Mac)

• passhash.optShortcutKeyCode = VK_F12
• passhash.optShortcutKeyMods = accel

How do I get help, report a problem or make a suggestion?

Feel free to contact the developer through email. Obviously this is not a large organization, but I get back to you as quickly as possible and appreciate feedback. :)