EtherPass
Pulling good passwords right from the ether . . .
Pulling good passwords right from the ether . . .
EtherPass is a password generator. Given the same username, domain and master password it generates the same password. That means that you only have to remember a few master passwords and still use different passwords for each domain you log in to.
This is the recommended way to use EtherPass:
Add a digit (1, 2, 3...) to the domain to make new passwords.
It uses your login name, domain and super-secret master password to generate a password. It uses PBKDF2 as implemented in crypto-js. It uses enough iterations that a Nexus 5 phone takes noticeable time to calculate the password.
The point is that it is very hard to brute force guess your master password, which is what an attacker would do to try to get to you internet banking password having stolen your facebook password.
The big-boy password managers are too intrusive. They try to make it convenient. And they do. They are better. But intrusive.
I needed something I could use offline and static html pages do that.
I needed to be able to access on a device I trust and enter a password on an untrusted device. It exposes that one password, but I can change it later.
contact at etherpass dot net