Storing your passwords anywhere is dangerous, whether that be in a database (1Password), in the cloud (LastPass), or using an algorithm (PwdHash). In all three cases an attacker need only compromise your master password to gain access to all your passwords. In the discussion of LastPass’s (possible) security breach, this is what many people have been calling a “single point of failure”. While it is a valid concern, it would be far worse to return to weak and frequently used passwords. Realistically, all of these tools create a net gain in your security.

They enhance your security by making it far easier to use strong passwords. A reasonably long password that is not based on a dictionary word or other commonly used phrase will be near impossible for an attacker to crack. PwdHash’s algorithm always generates a password that contains at least one lower case letter, at least one upper case letter, and at least one number. The generated passwords are not based on any word and are always two characters longer than your master password.

Another way password utilities can enhance your security is by making it easier to use different passwords for different sites. This is very important because you don’t want someone else’s security problems to cause your too-frequently-used password to be exposed. If you’ve used a separate password for every site, then a breach in one is limited to only that site. One major caveat here is your email server, because so much can be accomplished if someone has access to your email.
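
The two properties described above (the shape of the generated password and a separate password for every site) can be sketched in a few lines. This is an added example, not PwdHash's or Hashed's own code: the PBKDF2 derivation, the function names and the sample domains are assumptions chosen for illustration.

```python
import hashlib
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
ALPHABET = LOWER + UPPER + DIGITS
CLASSES = (LOWER, UPPER, DIGITS)


def derive_site_password(master: str, domain: str, iterations: int = 100_000) -> str:
    """Derive a per-site password from a master password and a site domain."""
    if not master:
        raise ValueError("master password must not be empty")
    length = len(master) + 2  # two characters longer than the master password
    # Assumption: PBKDF2-HMAC-SHA256 salted with the domain. A slow KDF makes it
    # costly to guess the master password from one leaked site password.
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        domain.lower().encode("utf-8"),
        iterations,
        dklen=length + 1 + len(CLASSES),
    )
    # Map the first `length` bytes onto letters and digits (slight modulo bias,
    # acceptable for an illustration).
    chars = [ALPHABET[b % len(ALPHABET)] for b in raw[:length]]
    # Guarantee one lower case letter, one upper case letter and one number by
    # writing one character of each class into three distinct positions.
    offset = raw[length] % length
    for i, cls in enumerate(CLASSES):
        chars[(offset + i) % length] = cls[raw[length + 1 + i] % len(cls)]
    return "".join(chars)


def has_all_classes(password: str) -> bool:
    """True when the password has a lower case letter, an upper case letter and a number."""
    return all(any(c in cls for c in password) for cls in CLASSES)


if __name__ == "__main__":
    master = "correct horse"  # constructed sample master password
    for site in ("example.com", "example.org"):  # constructed sample domains
        print(site, derive_site_password(master, site))
```

Nothing is stored: the same master password and domain always reproduce the same site password, which is also why a compromised master password exposes every site at once.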

Security is always a compromise and you have to make that choice for yourself. Just try to be informed so that you understand what compromise you are making. Personally, I’ll continue using PwdHash, and while I may seem biased, having written Hashed, my opinion really is based on what I think works well for me.