
Start using (more) secure passwords online


SuperGenPass (see second post for update)


The above link gives you an easy tool for creating secure passwords, though they are only usable online. You provide a master password, and it will then take that, combine it with the domain of the site, and create an md5 hash of it. You can select options like the case of the password (I don't see a reason to pick anything other than "mixed", unless the site specifically requires a certain case), the length, and several other things. It can generate your passwords online, or you can create a bookmarklet that will do the same thing for you, but not require the website. In either case, your information is not transmitted back to his (or any other) site. So, all you have to do to start using this today is: go to the site, find the "build your bookmarklet" section, look through the options (the defaults are fine, but I changed the generated length from the default of 8 to "ask each time", and the case to "mixed"; be careful changing the length, if you use different numbers on each site, you might forget what you used on a particular site!). Then hit the "Build Bookmarklet" button, and add the bookmarklet to your browser. I added it to the bookmarks toolbar so it's always a single click away.


Who this will help: Anyone who uses the same password for every website. If you're already using different, secure passwords at each site, then more power to you (that is difficult; how secure a password is can generally be linked to how random the password is--along with other things like length and what the set of characters used is--so if you're remembering multiple secure passwords, you've got a great skill!).


How this will make you more secure: Using a single password everywhere is dangerous. With this tool, you are using a different, totally random password at every site you visit. They can't be reverse engineered, i.e., a hacker could not take your generated password and figure out your master password from it.


What this does NOT do:

- If your master password is compromised, your password can be compromised. Of course, a malicious user would still have to know that you used this particular generator.
- If your physical machine is compromised, particularly with the bookmarklet, particularly if your master password is encoded in the bookmarklet (I changed it to ask each time), you are not safe. You can turn off the browser's automatic storing of passwords, but that could get very cumbersome.

If you are extra-paranoid, you can change your master password at a certain interval. And, to be honest, it probably wouldn't hurt to do that anyway, even with the randomness of this.

A nice feature of this particular generator is that it is available online. If you lose the bookmarklet, if you get a new computer, whatever, you can find it at that site. If you're even worried about the site going offline, you can (in theory, I didn't try this) store the page locally, burn it to a few CDs, and even store one in a safe deposit box. I don't think I'll go that far though.


A note for IE users (note 4/14/2012: this may not apply to newer versions of IE, I'm not sure):

Some browsers—most notably, all versions of Internet Explorer, some older versions of Safari and Opera, and many smartphone browsers—place a severe limit on the length of bookmarks. Use the Internet Explorer version of SuperGenPass for these browsers. It circumvents the limit by downloading this JavaScript file each time you use SuperGenPass (though it will likely be cached to reduce bandwidth usage). Only generic JavaScript code is downloaded, and no information is ever transmitted to this or any other Web site. (Internet Explorer may prompt you with a security message when you add SuperGenPass to your favorites. This is typical of all bookmarklets and can be safely ignored.)
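As an added illustration of the scheme the first post describes (a master password combined with the site's domain and hashed), not part of the original thread and not SuperGenPass's own code: the sketch below derives a per-site password with a single MD5 pass and, beside it, with PBKDF2 as a slower alternative. The function names, the `master:domain` layout, the two-label domain rule and the character substitutions are assumptions made for the example.

```python
import base64
import hashlib
from urllib.parse import urlsplit


def site_domain(url: str) -> str:
    """Domain the password is bound to (simplified: last two labels only)."""
    host = (urlsplit(url).hostname or url).lower()
    return ".".join(host.split(".")[-2:])


def _encode(digest: bytes, length: int) -> str:
    # Base64 yields mixed case and digits; the three symbol characters are
    # swapped for alphanumerics (an assumption of this sketch).
    text = base64.b64encode(digest).decode("ascii")
    return text.translate(str.maketrans("+/=", "98A"))[:length]


def md5_password(master: str, url: str, length: int = 8) -> str:
    """One fast MD5 pass over master + domain, as the post describes."""
    material = f"{master}:{site_domain(url)}".encode("utf-8")
    return _encode(hashlib.md5(material).digest(), length)


def kdf_password(master: str, url: str, length: int = 16,
                 rounds: int = 200_000) -> str:
    """Same binding, but through a deliberately slow KDF salted by domain."""
    salt = site_domain(url).encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, rounds)
    return _encode(key, length)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    for url in ("https://www.linkedin.com/login",
                "https://linkedin.com.example.net/login",  # lookalike host
                "https://example.org/"):
        print(f"{site_domain(url):14} md5={md5_password(master, url)} "
              f"kdf={kdf_password(master, url)}")
```

The output is deterministic, so the same master password, domain and length always reproduce the same site password, while a lookalike host yields a different one. Because MD5 is fast, every derived password is only as strong as the master password is hard to guess; the PBKDF2 variant raises the cost of each guess.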
  • 1 year later...

I just wanted to reply to this very old topic here to say that the guy who made GenPass has since made an updated version, aptly named SuperGenPass. It's available at http://supergenpass.com, still with an easy to use bookmarklet. However, it is not compatible with GenPass passwords.

  • 2 years later...

I'm still using this generator to make my passwords. However, since switching back to Chrome I've found this fantastic extension: SuperGenPass for Google Chrome™ by Denis. It basically eliminates the need for a bookmarklet. You install the extension and then go into the options. Here you type in the password(s) you want to use, the length of the password (10 by default, you can make it anything though) and a note. That's it for setup! Once you encounter a webpage where you want to sign in, you get to the password box, and press "1" (by default; you get to pick what you use). Upon your first try after launching Chrome, you'll have a window pop up where you enter your master password to "unlock" it. For all subsequent uses in that session (i.e., until you close Chrome) you just hit the number key and it automatically populates the field for you! However, I still have the mobile site, http://supergenpass.com/mobile, bookmarked for the sites that it doesn't work on. Mainly those sites are Flash sites.

  • 8 months later...
  • 1 month later...

I used Chrome's "manage saved passwords" link (wrench -> settings -> show advanced -> under passwords and forms) to review my saved passwords. I discovered that 13 of my passwords that I had stored were identical--and they were my master password that I use for supergenpass. That is pretty terrible security!


In light of the LinkedIn password hacking, I am auditing my passwords. In my case, the LinkedIn password I was using was generated by SGP--so I didn't lose anything but that password. I have since changed it. It would be wise if anyone using LinkedIn did the same! And any passwords that are the same as your LinkedIn password (if you were using SGP, you wouldn't have that issue!) are potentially in jeopardy too. The article says it's not clear if email addresses or usernames were included along with the passwords, but it says bundling them together is common.




When account information is lost, MOST of the time your username and/or password will be mailed to you (or you click a link to change them, usually a password is not sent plaintext). If you lose control of your email account, you can lose control of most other website accounts too!
