Unique passwords for all your accounts. With one single passphrase.
|
|
|
You must not re-use passwords.
If you are using the same password for different websites, anybody who gets hold of your password can login to other sites using your account.
This tool creates a unique password for each of your websites.
All it needs is the website's name and a passphrase.
All you need is one single passphrase for all your accounts.
Please note that versions 1 and 2 the algorithm are probably not safe, use SHA-2 only.
Instructions
▶ Type the website into the top left field.
▶ Type your passphrase into the field below. Use the same passphrase for all your accounts. Use something that's easy to remember, but contains four words or more. Remember it. Never write it down anywhere.
▶ Click one of the buttons to create a password.
▶ Your password will be displayed below. Copy and paste it into the website. Some calculation details are displayed in the bottom right field.
▶ Remove the data from your browser to prevent a bystander from reading your password (press button Clear Data or click into the passphrase field or hit Ctrl+F5).
How does this work?
Each generated password is unique for the website and the passphrase.
Technically, the passphrase is split up into words, then the website name
is combined with these words in a series of multiply, add and modulo operations.
Every single character in the passphrase influences all characters in the resulting password.
One leaked password does not put all your other passwords in danger, and your other accounts are safe.
All mathematical operations are executed in your browser.
Nothing is stored on the web. No cookies are read or written.
The source code is entirely inside this page, nothing is loaded from external sources.
To check you may right-click and select "show page source".
(The algorithms 1 and 2 are experimental, please use at your own risk. SHA-2 is a known security function, please use this for normal use)
If you would like to attack algorithm 2 and show what you did, please email me or leave a comment on github. Algorithm 1 has already been defeated.)
Why is this service free?
This meant to be a secure password generation service.
In order to be secure, no data must travel between your computer and the internet.
All commercialisation technologies that exist need to read data from you computer, either for advertising, recording clicks, or license checks.
Since this should be a secure service, it therefore must be free.