Why did you write this? There are tons of password tools.
Yeah, you're right. This is purely a "scratching the itch" project - something I need for myself, and written
in a few hours, for the web/iOS/Android.
When Gawker had their passwords hacked, I gradually migrated all my website passwords to a unique password
for each site. I didn't want to use a password generator app, as I didn't feel comfortable typing
a master password into someone else's code, nor being dependent on someone else's app ("what if they stop supporting it?").
So, instead, I manually generated a long password by using the domain
name of the site, and a master password, using SHA1 to generate
a unique long hex value.
Then, yesterday, I couldn't access the online tool I normally used to generate my password, so I decided to throw one together.
And, heck, since I was at it, I might as well do a mobile version - as I noticed I avoided setting up some
accounts on mobile because it was harder to recreate my passwords using web tools. So, a version for Android and iOS was built,
and tested and submitted.
But that might make for a good password, but it's not even a really super secure password!
Yes, there are certainly ways the password could be made harder to hack, with more characters, upper-lower-case mixed, etc.
But the goal here is to keep it simple enough so that if you were one day stuck without any version of Passapus, you could still
manage to generate the passwords on your own.
How can I know it's safe and you're not doing something nasty?
The source for each and every version of this app is freely available open source so anybody can verify that the code
isn't doing anything nefarious. Besides, I also spell out the way the app generates a password, so you can
implement it yourself, either in code, or by manually generating it with any of a number of great, free encryption tools,
like Paul Johnson's "Paj's Javascript MD5" site.
Ok then, how do you do it?
Simply put - take the domain name of the site you're creating a password for, like, "gmail.com". Then, place a space, followed
by your universal password (if not universal, at least one you can remember as being tied to that domain) -- then run that whole thing
through SHA1.
Of course, you can enter the domain name in a particular way (with or without "http"; written backwards; dropping the ".com", etc.),
whatever works for you, and, more importantly, in a way you can remember.
What does the "number of characters" field mean?
Some sites have a fairly low cap on the maximum length of your password (for example, PayPal maxes out at 20 chars).
For these sites, you can enter a number in this field and your password will be trimmed to be that exact length (taking the
substring from the beginning of the password). If you don't want to trim it, then leave it at 0.
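The recipe from "how do you do it?" together with the "number of characters" trimming, as an added example that is not Passapus's own source. It uses Node's built-in `crypto` module instead of the page's SHA1 library and assumes UTF-8 input and lowercase hex output; the function names and the sample master password are constructed for illustration.

```javascript
// Added example, not Passapus's own source.
// Assumptions: UTF-8 input, lowercase hex output, Node's built-in crypto.
const crypto = require("crypto");

// SHA1 of "<domain> <master password>" as hex, optionally trimmed.
// length 0 means "do not trim", matching the field described on the page.
function derivePassword(domain, master, length = 0) {
  if (!Number.isInteger(length) || length < 0) {
    throw new RangeError("length must be a non-negative integer");
  }
  const full = crypto
    .createHash("sha1")
    .update(`${domain} ${master}`, "utf8")
    .digest("hex"); // always 40 hex characters
  return length === 0 ? full : full.slice(0, length);
}

// Each hex character carries 4 bits, so trimming shrinks the output space.
function outputBits(length) {
  return 4 * (length === 0 ? 40 : Math.min(length, 40));
}

// The domain is hashed exactly as typed, so every spelling of it yields an
// unrelated password; the chosen form has to be remembered per site.
function passwordsByDomainForm(forms, master, length = 0) {
  return forms.map((form) => [form, derivePassword(form, master, length)]);
}

// Constructed sample input, not a real credential.
const master = "correct horse battery staple";
const forms = ["gmail.com", "http://gmail.com", "moc.liamg", "gmail"];
for (const [form, pw] of passwordsByDomainForm(forms, master, 20)) {
  console.log(form.padEnd(18), pw, `(${outputBits(20)} bits of output)`);
}
```

The trimmed length only bounds the size of the output: a 20-character password has at most 80 bits, and the strength against guessing still rests on the master password, since SHA1 is fast to compute.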
Why Passapus?
Cuz I can draw a platypus, sorta.
Where can I get the source? How can I reach you?
Look at the footer of this little site.
The password generated on this page is done purely in JavaScript (your info is *not* sent to the server), and as such is
available in this document ("view-source"). It uses jQuery for DOM manipulation, Bootstrap for layout, and
Paul Johnson's SHA1 code.