Generate unique passwords for every website to protect yourself against hackers - if one site is cracked, you won't have to worry about changing your password on other websites. The approach is easy enough for anyone to understand but also uses modern cryptography:
A) Pick your favorite animal
B) Create a favorite pattern
C) Pick your favorite 3 digit number
D) Pick your favorite emoji
|Do I use the same 4 favorite choices for every website?||Yes, always pick the same favorite animal, etc. Your choices inform the calculations that generate a unique password by combining your information with the name of the website in complex ways.|
|If someone knows one password for one website, can they figure out my password for another website?||No! That is the beauty of this approach. This uses techniques (hashing) that are one-way and cannot be reverse engineered. If your password is stolen for one website, just change it by changing one of your favorite things (e.g. pick a new emoji).|
|Why should I append a third secret word?||In cryptography this is called a "pepper" and this extra secret word makes this technique even safer - longer passwords are more secure. Just don't write it down.|
|Do you store any of my information?||Our tool stores nothing! Each time you use the tool, you reselect your favorite choices. There are no servers, databases, cookies nor local files with your choices - everything is done dynamically.|
|Can I see the code?||Everything is on GitHub which will serve as the official archive.|
|Do the passwords have a pattern that would make it obvious that passworDDD was used to generate them?||Not obviously: Capitalization, size of the number and order of the parts varies. So, in the highly unlikely situation where someone is able to see your plain text password, it won't be obvious that passworDDD was used as the method.|
This software was developed by Ben Lewis, a professional consultant with 20+ years of experience serving the largest global financial services firms (e.g. banks) on a variety of strategic and technology matters.
Reasons I created this: I wanted a unique password for every website so I no longer had to worry about changing every password if a single website with my credentials was hacked. And, I wanted it to be more complex than having a root password with something added to be website specific (e.g. iloveyou-Amazon99). And, I didn't want to generate gobbledygook random-looking characters which would be hard to comprehend. And, I wanted it to resist dictionary attacks by being long. And, I wanted to vary the output to not be obvious that I was using this system. And, I didn't want to have to store anything (an account/login, one password to rule them all, soft key, etc.) anywhere (database, cloud, local storage, clipboard, cache, etc.). And, I wanted to use one-way hashing algorithms so output can't be reversed engineered to identify the secret selections. And, I wanted it to work on all devices, no installation necessary. Finally, I wanted it to be free.
All code is available via GitHub. Those with number theory, cryptography and programming skills are welcome to review the code and analyze the hashing algorithms which use a combination of rules including bitwise, modular math, loops, irrational numbers and other logic.
In plain English, here is an illustrative hashing algorithm:
The hashes were tested to have an even distribution across all possible values as well as having a strong avalanche effect (slight differences in website names are amplified). If you see any issues feel free to email me or better yet discuss on GitHub.