Most users have accounts on a large number of web sites. Today, they have a choice of one password for all sites or a different password for each site. Neither choice is attractive. This tool produces a different password for each site from a single password provided by the account holder.
The screen shot shows a typical use. The user types a hard to guess password into the first field and an easy to remember name for the site being accessed. The tool computes a password to be used for that site. In this example, the hard to guess password is qwerty.
You should pick a very strong master password, 10 or more characters that include numbers and special characters. You can protect yourself further by appending your userid to the site name, e.g., "amazon, email@example.com".
HP adapted Site Password as its
Anti-phishing Toolbar for
Internet Explorer. That product is no longer available,
but it still has some users (including me). It produces different
passwords than the versions listed below, but it has some
additional features, such as remembering user and site
names. Two versions are available.
A version you can use from any web browser
A plugin for the Chrome browser (access on request)
The source for the Windows version
A PHP version provided by Gérard Ernaelsten
A Tk version provided by Neil Madden that remembers your site names
There are a number of extensions that can be made. For example, a pull down menu for site names would be nice.
Versions have been written for PocketPC, Palm, and Nokia
EPOC cell phones in J2ME. There is also a Java applet and a
console version for *nix. Each of these needs improving
before distributing it. If you're interested, contact me.
Versions were produced by the following people:
Alan Karp - Python
Ren Wu - Windows
Kevin Smathers - *nix
Bill Serra - PocketPC
John Schettino - Palm, Nokia, Java Applet
YanQiQi has produced a similar tool called SuperPassword, which is available for free. Unfortunately, the algorithm used in that tool is not portable.
Paul Johnson has produced a bookmarklet that uses MD5. However, the resulting passwords consist of only 8 lower case characters and integers. It appears that the binary to ASCII conversion is something other than Base64.