I wrote a chrome extension as well as an android app which enable the user to handle more secure passwords with more ease. It's based on J. Coglan's great work you can find at getvau.lt.
I wrote a chrome extension which enables the user to handle more secure passwords with ease. It's based on J. Coglan's great work getvau.lt
Easy and save web service passwords
After different attacks and breaches like the Adobe hack I wanted to find and use a more suitable way to use secure and easy to remind passwords. Many people out there are either using unsecure and easy to guess passwords or (including me until now) try to use a system which derives some kind of service specific passwords from a master password or passphrase. It includes rules like adding servicename parts, numbers and other characters in a special predefined way. Whilst having unsecure passwords is bad for security, the alternative messes with your brain… You only remember the passwords you use often, most of them have to be rebuilt by your rule everytime you have to use it. Another way is to keep it like xkcd and use more memorable passphrases. But still you need more (in most cases way more) than one password to remember.
Tools like KeyPass can save you the effort of remembering more than one password or passphrase and nevertheless having a different password for every service. But still you have to store these passwords somewhere. So in the (luckily unlikely) case if someone cracked your key’s passphrase (or what's more likely the password safe's implementation) he or she could get all your passwords at once. Furthermore you have to install and use this tool on every device you are using as well as synchronising the password safe itself throughout the different devices.
Comfort and security
Such tools (and others) also are able to generate passwords for a new service if you like. These passwords you cannot remember at all (ok, maybe one or two, but that’s it). And most of them are (at least the good ones) hard to guess for a computer, too.
I like getvault the most which is available at github, too. So I took the vault library and wrote a chrome extension called Easy Password Handler providing a popup for every password field, enabling me (and maybe you) using the password generator within the site at the place you need it.
How it works
There still are some issues with special password rules for some services which is by now solved by a short password service rule or a configurable character overwrite as part of the Easy Password Handler overlay.
Allowed or required characters, the desired password length, the default salt method (like prefix, suffix or loginname) and auto submit after generating the password can be configured through the extension’s options. With a current update, using password rules for specific site and creating them by yourself is also possible.
For now it’s chrome/chromium only but I will work on Firefox and Safari support as soon I will have some spare time.