Fri 25 September 2009
By Jochen Breuer
In Web.
tags: Linux Mac Web
IMPORTANT UPDATE: Don't use SuperGenPass!
As Ximo pointed out in his comment, SuperGenPass is insecure! I should have realized that immediately, but that's life. Because SuperGenPass (as a bookmarklet) hooks into the DOM of the current website, the input field where you enter your master password can be spoofed rather easily. And with the master password in the hands of someone else you are pretty screwed! Try the demo.
Like everyone else, I have an enormous number of passwords, because every website you register with expects you to create a new pair of login credentials (since most websites don't support some sort of SSO or OpenID). It is not paranoia to choose a new password for every website, because you never know how they store the password and whether you can trust the website owner. So choosing the same password for your Gmail account and your XY blog is not very wise.
But that creates a problem. Beyond a certain number of passwords it gets very hard to remember them. I have something around 200 passwords and I just remember 10 passwords for the most common websites I use. I solved this problem with 1Password from Agile Web Solutions. This worked rather well, because I mostly use a Mac for work and at home. But recently I started doing some more stuff on my Linux box again. I think I don't have to tell you that I had to look up the passwords more than once on my Mac to log in to a certain website, and that was annoying. So I looked around and found a very nice solution to my problem: SuperGenPass.
SuperGenPass is a bookmarklet that takes a master password and the domain name to generate a hash that you use as the login password. It's fairly simple. You enter the username and then proceed to the password field. There you enter the master password and click on the SuperGenPass bookmarklet. SuperGenPass will then inject the generated hash into the field and even mark it, so that you can see which input fields have been changed. It also shows a popup where you see the password SuperGenPass has generated, if you wish. Since this is a bookmarklet, everything is local. Your master password won't be submitted to generate the hash. Nice, isn't it? And it works with Firefox, Safari, Opera and even Internet Explorer (don't use IE, btw).
So there is no more problem with having hundreds of (fairly safe) passwords without using a password manager. But for me SuperGenPass is something like a backup. I still use 1Password, because it automates the login procedure and reduces it to just one click. The only thing that has changed is the way to come up with a password. And if I'm at another computer I won't have to walk over to my Mac to look up every password.
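The scheme described above (a master password plus the domain name hashed into a site password), as an added example that is not SuperGenPass's own code or algorithm: it runs as a local Python program instead of inside the page, so scripts on the website cannot read or spoof the field the master password is typed into. PBKDF2-HMAC-SHA256, the 62-character alphabet, the names `site_key` and `derive_password`, and the two-label domain rule are assumptions made for this example.

```python
import hashlib
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumption)


def site_key(hostname: str) -> str:
    """Reduce a hostname to the name the password is bound to.

    Simplification (assumption): keep the last two labels. A real tool
    needs the Public Suffix List to handle names like example.co.uk.
    """
    labels = hostname.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def derive_password(master: str, hostname: str, length: int = 16,
                    iterations: int = 200_000) -> str:
    """Derive a per-site password from a master password and a domain."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 32:
        raise ValueError("length must be between 8 and 32")
    salt = site_key(hostname).encode("utf-8")
    counter = 0
    while True:
        # The counter allows a re-derivation when a candidate lacks a
        # character class that many sites insist on.
        raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                                  salt + b"#" + str(counter).encode(),
                                  iterations, dklen=length * 2)
        # Two bytes per character keep the modulo bias negligible.
        candidate = "".join(
            ALPHABET[int.from_bytes(raw[i:i + 2], "big") % len(ALPHABET)]
            for i in range(0, len(raw), 2))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate
        counter += 1


if __name__ == "__main__":
    import getpass
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: derive.py <hostname>")
    # The master password is read from the terminal, never from a web page.
    print(derive_password(getpass.getpass("Master password: "), sys.argv[1]))
```

Every site password still depends on the one master password, so whoever learns it can regenerate all of them.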