passworDDD

Unique passwords for every website, no gobbledygook and nothing stored!

How It Works Use The Tool FAQ About Me Read A More Technical Description

How it works

Generate unique passwords for every website to protect yourself against hackers - if one site is cracked, you won't have to worry about changing your password on other websites. The approach is easy enough for anyone to understand but also uses modern cryptography:

  1. Type a website name - this will be used as a foundation for scrambling the website name into a unique password
  2. Pick 4 of your favorite things - Your selections will be used to scramble the website name into something unique, generating a custom password for each website
  3. Generate a safe, long, easy password - The tool will convert your choices into a password with words, numbers and symbols specific for each website. Use the same 4 favorite things for any other website and the password will always be different because: math! (For more info see: Hash, Salt, Diceware, Entropy)

Use the Tool

Type the website name (skip the www. prefix)

A) Pick your favorite animal

B) Create a favorite pattern




C) Pick your favorite 3 digit number

D) Pick your favorite emoji







×

Your unique password for:


For added security, append a 3rd secret word! Ideally, use one not in the dictionary. For example, a misspelled word (e.g. buorbon) or a city with missing vowels (e.g. Sprngfld). You can use the same one for every website, just don't write it down!

Frequently Asked Questions

Question Answer
Do I use the same 4 favorite choices for every website? Yes, always pick the same favorite animal, etc. Your choices inform the calculations that generate a unique password by combining your information with the name of the website in complex ways.
If someone knows one password for one website, can they figure out my password for another website? No! That is the beauty of this approach. This uses techniques (hashing) that are one-way and cannot be reverse engineered. If your password is stolen for one website, just change it by changing one of your favorite things (e.g. pick a new emoji).
Why should I append a third secret word? In cryptography this is called a "pepper" and this extra secret word makes this technique even safer - longer passwords are more secure. Just don't write it down.
Do you store any of my information? Our tool stores nothing! Each time you use the tool, you reselect your favorite choices. There are no servers, databases, cookies nor local files with your choices - everything is done dynamically.
Can I see the code? Everything is on GitHub which will serve as the official archive.
Do the passwords have a pattern that would make it obvious that passworDDD was used to generate them? Not obviously: Capitalization, size of the number and order of the parts varies. So, in the highly unlikely situation where someone is able to see your plain text password, it won't be obvious that passworDDD was used as the method.

About Me

This software was developed by Ben Lewis, a professional consultant with 20+ years of experience serving the largest global financial services firms (e.g. banks) on a variety of strategic and technology matters.

Reasons I created this: I wanted a unique password for every website so I no longer had to worry about changing every password if a single website with my credentials was hacked. And, I wanted it to be more complex than having a root password with something added to be website specific (e.g. iloveyou-Amazon99). And, I didn't want to generate gobbledygook random-looking characters which would be hard to comprehend. And, I wanted it to resist dictionary attacks by being long. And, I wanted to vary the output to not be obvious that I was using this system. And, I didn't want to have to store anything (an account/login, one password to rule them all, soft key, etc.) anywhere (database, cloud, local storage, clipboard, cache, etc.). And, I wanted to use one-way hashing algorithms so output can't be reversed engineered to identify the secret selections. And, I wanted it to work on all devices, no installation necessary. Finally, I wanted it to be free.

Technical details

All code is available via GitHub. Those with number theory, cryptography and programming skills are welcome to review the code and analyze the hashing algorithms which use a combination of rules including bitwise, modular math, loops, irrational numbers and other logic.

In plain English, here is an illustrative hashing algorithm:

  • Based on the website name + favorite selections, automatically pick some letters in the website name, convert those letters into a number, then generate an irrational number and apply some one-way transformations by using the favorite selections, then convert the resulting four digit number into a word, then determine the order of where to put the symbol

The hashes were tested to have an even distribution across all possible values as well as having a strong avalanche effect (slight differences in website names are amplified). If you see any issues feel free to email me or better yet discuss on GitHub.