Remember only one password, generate a different password for each site.
How to use
Type in the Domain name of the site asking for login. Avoid using spaces or other unseen characters,
mixing Upper and lowercase letters, unless you can repeat it next time for sure.
Type User name or Nickname if used for identification on that site. Avoid using spaces and mixed casing as well.
Type your Master Password and password confirmation. This must be a very strong password.
Its strength determines the strength of all other generated passwords. Feel free to use something complex.
While typing it frequently, several times a day, you will easily remember it.
In case you are not satisfied with just a constant sequence and wish enormously increase your passwords protection,
there is a Secret field for the sake of your imagination. Leave it empty unless you are absolutely sure about how to use it,
and what are you going to do and remember about it.
Some sites are invalidating passwords after some period. For such cases, there is a Revision number field.
Simply increment revisions number to get the next password for that site. Remember what revision is used for each site.
Consider creating a URL with the form content auto-fill.
How it works
There is a form. If you fill it each time with exactly the same data, it will generate the same set of passwords.
The form contains: password, salt and instruction for hashing process. The output is Base64/Hex/Numeric/(Special in Policy) result from SHA3 hashing algorithm.
The generated Standard password will always be: W9V3wxNsgiQ2gEu (you can try it yourself)
The generated Policy (16) password will always be: Ha3]T7F&.u~x=A*6 (you can try it yourself)
What actually happens is the following. There is a password, salt and hashing algorithm applied on the password using the salt.
All these calculations are implemented in JavaScript and there is no need to send anything over the Internet. The site is never
accessing the internet after been loaded(page opened) once or if opened locally on the computer after downloading the site from TOOLS.
Each field has it's logical role:
Password/Confirm password - is the password.
Domain, User name and Secret - are used as salt.
Revision - changes the hashing algorithm(salt in Policy).
I've created this site for myself and my community. I do not put any ads on the site, since I can't trust the
external code they bring. This site is based on Zero Trust approach. The code is completely open source
and can be fully downloaded by anybody for offline usage. You can also turn on the Devtools (press F12) in
most browsers and verify yourself that this site sends nothing when you fill the form and generate the passwords.
So, your Master Password and all your generated passwords never leave your browser memory and therefore are as
secured as it's possible.
The problem
We often need to use passwords on many sites. Remembering more than a few is impossible. So most people end up using
the same password or simple variations of one password on many sites. Many sites have poor security and there is a high
probability that a password used there will leak, usually together with the email address. As a result the attacker
gets access to lots of your accounts by hacking only one poorly secured site. The right approach is to use different
passwords on different sites and accounts.
Since it is impossible to remember so many passwords, the standard approach is to save all passwords in some document.
There are various solutions to this on the market, but all of them are based on your trust in the service provider.
The service provider can gain access to all your passwords, alternatively if that provider will be hacked itself all your
passwords will leak.
The solution
This Single Password Solution eliminates the need to trust anybody. No passwords are saved or even sent anywhere. They
can't leak by some site or storage hacking, nor by any network or Internet traffic interruption.
Every password is generated with one of the best cryptographic hashing algorithms - SHA3. This means that if one of
your passwords is leaked from a poorly secured site, no other password nor your master password will be compromised.
You don't even have to trust me (1pwd.org). You can download the whole site anytime and use it offline. In any case, I do not
collect any information about the site usage. The only info I have is the statistical data collected by the hosting (currently it's Godaddy),
and the server log containing last 1000 requests, which contain no information about your domains, user names or passwords.
Except when you use the auto-fill URL (in this case I could see the domain/user/revision/[if included, secret] information in the URL paramaters in the logs).
In any case, I will never see your passwords.
I know nothing about you, my anonymous visitor. Yet, I welcome you and hope you enjoy this service as much as I and my community do.
For thanks, bugs, features and questions,
please contact by email:
Site created and maintained by:
Caracrist.
Thank you for hitting this tab, but there is no way to donate right now.