Site Password

Most users have accounts on a large number of web sites. Today, they have a choice of one password for all sites or a different password for each site. Neither choice is attractive. This tool produces a different password for each site from a single password provided by the account holder.

The screen shot shows a typical use. The user types a hard to guess password into the first field and an easy to remember name for the site being accessed. The tool computes a password to be used for that site. In this example, the hard to guess password is qwerty.

You should pick a very strong master password, 10 or more characters that include numbers and special characters. You can protect yourself further by appending your userid to the site name, e.g., "amazon,".

HP adapted Site Password as its Anti-phishing Toolbar for Internet Explorer. That product is no longer available, but it still has some users (including me). It produces different passwords than the versions listed below, but it has some additional features, such as remembering user and site names. Two versions are available.

A version you can use from any web browser
A plugin for the Chrome browser (access on request)

Technical Report
Python version
Windows executable
The source for the Windows version
A PHP version provided by Gérard Ernaelsten
A Tk version provided by Neil Madden that remembers your site names
A JavaScript version

There are a number of extensions that can be made. For example, a pull down menu for site names would be nice.

Versions have been written for PocketPC, Palm, and Nokia EPOC cell phones in J2ME. There is also a Java applet and a console version for *nix. Each of these needs improving before distributing it. If you're interested, contact me.

Versions were produced by the following people:

Alan Karp - Python
Ren Wu - Windows
Kevin Smathers - *nix
Bill Serra - PocketPC
John Schettino - Palm, Nokia, Java Applet

YanQiQi has produced a similar tool called SuperPassword, which is available for free. Unfortunately, the algorithm used in that tool is not portable.

Paul Johnson has produced a bookmarklet that uses MD5. However, the resulting passwords consist of only 8 lower case characters and integers. It appears that the binary to ASCII conversion is something other than Base64.