Domain: supergenpass.com
Stories and comments across the archive that link to supergenpass.com.
Comments · 21
-
SuperGenPass
For the most part I don't save or memorize passwords. I regenerate them as needed with SuperGenPass. SuperGenPass algorithmically generates passwords by hashing the site's domain name together with a single memorized password. This always generates the same password for any given site. So, I don't have to remember them or store them anywhere, I just need to know how they're generated.
But what if I'm at someone else's computer without SGP installed? The SGP website has a "mobile" version, which is just javascript that runs entirely within the browser. Go there, type in the domain and password, and generate it. (Yes, I've checked the javascript. It's not sending your password out to the mothership or saving anything locally.)
I do keep a notebook in a plaintext file with all the sites I use. This contains the domain name that the site had when I first signed up. Domain names sometimes change, or are ambiguous (i.e., the same site is available via both foobar.org and foobar.com). The text file lets me keep track of what I need in order to regenerate the password.
What about sites that require periodic password changes? I use the domain and just suffix my memorized password with a sequence number. And I write the sequence number in my notebook.
What's that? Security questions? I generate the answer by hashing the question itself rather than the domain with my memorized password. And of course, I copy the question verbatim into my text file so I can regenerate the answer when I need to.
The only failing is when I hit a site that doesn't allow certain punctuation, or has length limits, or something of that nature. Then I modify the parameters that I give to SGP and write down the specific parameters that I used.
The notebook is stored on my home fileserver in an svn repository which gets backed up every night. I'm completely screwed if I ever forget my one secret, but it's one I've been using for literally decades now. It's going to be one of the last things to go when my brain develops bit rot.
-
supergenpass
http://supergenpass.com/ is probably the best solution I've seen that's both effective and easily set up. No 3rd party software, no special hardware, no online service. Just a chunk of javascript that's open for review.
-
Re:What's really needed...
This is the basic goal of http://openid.net/
Using Facebook's auth mechanism is mostly just a flavor of this. Though see also http://supergenpass.com/
I don't know any of my passwords. I just know my supergenpass phrase.
-
http://supergenpass.com/
http://supergenpass.com/ It's hella easy to use. Portable and device/application independent. Been using it for quite a while. Every site has a unique password based on a passphrase. You can have as many passphrases as you can remember. I tend to use a different passphrase based on the type of site. It's pretty cool since I don't technically know the password to any site. So even I can't be compromised.
-
SuperGenPass
It's free and the only solution I need to have secure access to all my passwords everywhere I go. I still keep my banking and email passwords memorized but I'm happy to let SuperGenPass handle everything else. Check it out: http://supergenpass.com/faq/
-
Re:Why not client side javascript?
Interesting you say that. SuperGenPass is a client-side app in JavaScript for crypting passwords. It's just a bookmark with a bunch of JS. There is also a version that works on mobile phones too (the app is all javascript, no AJAX or server side), so you could use that on your phone if you're on another computer, or copy that to your own server if you're super paranoid.
-
Re:KeePass
IMHO, it's better to never write them down and just generate them algorithmically based on the site's domain or a memorable keyword. Several years ago I just kept a tabula recta in my wallet. Nowadays, you can use something like SuperGenPass.
Personally, I wrote my own equivalent of SuperGenPass that addresses some of the security concerns. That said, I use PassPack with a tediously strong password to keep a backup in case I inadvertently break compatibility, and a copy of the generator on my website.
-
Super Gen Pass works and is very simple
SuperGenPass is a simple bookmarklet that can generate hashed passwords based on a master password. Like KeePass and LastPass you only need to remember one password, but unlike those, it doesn't store anything and you can use it pretty much anywhere.
-
Use mobile SuperGenPass
It only uses clientside javascript to generate passwords for each site based on your one remembered password. Sure that means changing the password for every site, but you only have to do that once, then never again need to store passwords. You can even make a bookmarklet to generate the passwords if you get blocked from using that site.
-
Missing the point?
Wow, leaving aside the stupidity and inconvenience of using maps as passwords (sure, there's enough entropy, but shoulder-looking kills it, and it would take much longer to enter a password than with a text-based one), the entire article seems to centre around the concept that this will solve the "multiple passwords" problem.
"Online passwords are tedious, and it seems like too many websites require one"
... "I hate creating a new password for every website where I keep even a scrap of personal information". Seems like the two issues are entirely orthogonal. How is this going to help you with that problem? Either you're going to have to remember dozens of map locations for dozens of websites (same as passwords now), or you're going to have just one location for all sites, and be vulnerable to the same problem as having one password. My solution is to use SuperGenPass, so I have one master password, but it generates a different password for each site, without storing passwords anywhere. There's also LastPass, which I haven't used, but it looks like a nice strong client-side-encrypted cloud-stored password database.
-
Re:Torn
I like SuperGenPass. It never actually saves a copy of your passwords, it algorithmically generates them from the site's domain name and your master password.
I like this approach. Is this similar to Stanford's PwdHash bookmarklet? I've never heard of SuperGenPass or its author before. Here's a caution about not using it on pages you don't trust: http://akibjorklund.com/2009/supergenpass-is-not-that-secure
PwdHash online version: https://www.pwdhash.com/
Firefox add-on: https://addons.mozilla.org/en-US/firefox/addon/1033/
-
Re:Torn
I like SuperGenPass. It never actually saves a copy of your passwords, it algorithmically generates them from the site's domain name and your master password. (Actually, from any two strings. By convention it's the domain and master password, but you could use any identifier/keyword pair.)
It's made to run as a bookmarklet which auto-populates password fields on web forms. There's also a mobile version for when you're using someone else's computer. Either way the password is dynamically generated by JavaScript running locally. The mobile version is also good for pages which have funky login prompts that don't play nice with the bookmarklet. (I'm looking at you slashdot!)
-
Re:Stupid Users
This is why SuperGenPass is your friend. Using one (or more) master password, you quickly generate a unique password for each domain you log in to, all through a handy bookmarklet. Also there's no password storage (except an optional hash for validation), so you don't have to worry about password product XYZ being hacked.
-
Re:Password strength vs. how often you change it
SuperGenPass is rather good for this: it's a bookmarklet that uses the current website address as the seed for an md5 hash of your master password. So you type your master password in, run the bookmarklet and it changes it to the actual password that it generated when you signed up. Some people have suggested that the master password is at risk even being typed in in the first place (Javascript on a hijacked site could recover it), but Chrome has a 'SuperChromePass' extension that does the same and I assume it's more secure. I don't actually think it's a particularly big risk in the first place.
-
http://supergenpass.com/
http://supergenpass.com/ From the site: Instead of storing your passwords on your hard disk or online—where they are vulnerable to theft and data loss—SuperGenPass uses a hash algorithm to transform a master password into unique, complex passwords for the Web sites you visit. There’s no software to install.
-
Re:supergenpass ?
Using SuperGenPass for most of my online passwords. The only problem I have is that it is a pain to use it in Google Chrome (no bookmark toolbar with bookmarklet support), but for IE, Firefox, Safari, Opera and all browsers like them it is perfectly fine. When there is no support, one can use the 'mobile' version. You can even save it to your hard drive as a file.
The best thing about it is that no password is ever stored - it is always generated on the fly from your master password and the domain name of the web site. And that also means that there is no password database to move around.
-
SuperGenPass
As long as you have internet access, SuperGenPass is a great option. It's a little bookmarklet where you type a master password, it will account for the domain you're currently on, and then generate a random password based on both. So, as long as you provide it with the same master password for the same website, it will always generate the same password. And as long as you have access to the internet you can always use it (when you're on the go, try SuperGenPass.com/mobile). I actually use it outside of the web as well. I will just use the name of the application as the domain name.
-
Another option to APG
Just had a similar discussion elsewhere:
http://supergenpass.com/
-
Re:OK, so we have a plug-in..
It's been done:
http://www.angel.net/~nic/passwdlet.html
http://supergenpass.com/genpass/
http://supergenpass.com/
(there are surely others)
Not an extension, but that can be a good thing.