data in the hopes of discovering extraterrestrial communication.

Using the PwdHash Extension

Reading a chapter about all the work involved in keeping your identity secure can be a real downer. Firefox was created to make your life easier in every possible respect, and here I am giving you a laundry list of facts to keep in mind during everyday surfing. What a pain! You shouldn't have to worry about those details.

With that in mind, I and a group of security experts at Stanford set out to create a browser extension called PwdHash, short for Password Hash. (See Chapter 20 for more information about Firefox extensions.) The goal of PwdHash is to afford users the convenience of remembering a single password with the security of using a different password on each Web site you visit. It does this by automatically and transparently generating a different version of your password for each Web site.

Discovering PwdHash

As convenient as it is, using a single password at every Web site you visit creates one huge problem: When someone gets your password from one Web site, all other sites you log in to are exposed. Your password can fall into the wrong hands when

- Someone hacks one of the Web sites you log in to
- A phisher convinces you to enter your password at a replica site

PwdHash handles hacking scams and phishing scams slightly differently, but the good news is that it protects you from both. The following two sections tell you how.

Doing the password mash with PwdHash

If your password is the same at every other site in your network, one hack is no longer an isolated incident - it's a nightmare. It's also a hacker's dream because your security is only as strong as the weakest site you visit.

Suppose you visit two Web sites regularly. The first is a low-security, makeshift high school reunion page that an old classmate slapped together over the weekend. The second is Citibank, which houses your financial accounts. Both sites require a username and password.
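The two-site scenario above, as an added Python sketch that is not from the book and is not PwdHash's own code. It assumes HMAC-SHA256 keyed with the master password over the site's domain as the per-site derivation; the password and domain names are constructed samples.

```python
import base64
import hashlib
import hmac

# Constructed sample values; none of these come from the chapter or from PwdHash.
MASTER_PASSWORD = "correct horse battery"
REUNION_SITE = "reunion.example"
BANK_SITE = "bank.example"
LOOKALIKE_SITE = "bank-login.example"  # replica domain used in a phishing page


def site_password(master: str, domain: str, length: int = 16) -> str:
    """Derive a per-site password (assumed scheme: HMAC-SHA256 keyed with
    the master password over the normalized domain, encoded as text)."""
    domain = domain.strip().lower().rstrip(".")
    if not master or not domain:
        raise ValueError("master password and domain are both required")
    digest = hmac.new(master.encode("utf-8"), domain.encode("utf-8"),
                      hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii")[:length]


def stolen_password_works_at(stolen: str, passwords_by_site: dict) -> list:
    """Return the sites whose stored password equals the stolen one."""
    return sorted(site for site, pw in passwords_by_site.items() if pw == stolen)


def compare_strategies(master: str = MASTER_PASSWORD) -> dict:
    """Compare one reused password with per-site derived passwords."""
    sites = [REUNION_SITE, BANK_SITE]
    reused = {site: master for site in sites}
    derived = {site: site_password(master, site) for site in sites}
    return {
        # Reunion page is breached while the same password is used everywhere.
        "reused": stolen_password_works_at(reused[REUNION_SITE], reused),
        # Reunion page is breached while each site holds a derived password.
        "derived": stolen_password_works_at(derived[REUNION_SITE], derived),
        # The replica site only ever receives the value derived for its own domain.
        "phished": stolen_password_works_at(
            site_password(master, LOOKALIKE_SITE), derived),
    }


if __name__ == "__main__":
    for scenario, exposed in compare_strategies().items():
        print(f"{scenario:8} -> exposed sites: {exposed}")
```

A fast hash like this still lets someone who obtains one derived password test guesses for a weak master password offline, so the master password itself needs to be strong.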
Citibank can implement the most expensive and cutting-edge password defenses in the world, but they'll be entirely useless if a hacker breaks into the reunion page and steals the password list. Do you think he wants to see how you and your classmates are celebrating your 25th? Of course not. He wants to take your password to the bank - literally.

Tip

Using different usernames at different Web sites makes it more difficult for a hacker to use the login information he obtains from hacking one Web site at another site you use because he still won't know your username at the other site. (This isn't always possible, though, because many sites ask for your e-mail address in lieu of a username.)

If you use PwdHash, you can continue to type the same password into both Citibank and the reunion site. The difference is that right before you submit the information to the sites, and without bothering you, PwdHash automatically generates a different version of your password for each site. (If you're using a computer without the PwdHash extension, you need to generate this version manually, as I discuss in "Using PwdHash from other computers" later in this chapter.) This process is called hashing, and in a non-technical sense, you can