Mozilla Firefox plugin to generate unique passwords on each website

Michaël Lemaire 96fb446242 Updated icon 1 year ago
out 96fb446242 Updated icon 1 year ago
src 80e9964604 Rewritten in Typescript, and upgraded to WebExtensions 1 year ago
.gitignore 80e9964604 Rewritten in Typescript, and upgraded to WebExtensions 1 year ago
README.md 80e9964604 Rewritten in Typescript, and upgraded to WebExtensions 1 year ago
hashlock 80e9964604 Rewritten in Typescript, and upgraded to WebExtensions 1 year ago
manifest.json 96fb446242 Updated icon 1 year ago
package.json 80e9964604 Rewritten in Typescript, and upgraded to WebExtensions 1 year ago
tsconfig.json 80e9964604 Rewritten in Typescript, and upgraded to WebExtensions 1 year ago
yarn.lock 80e9964604 Rewritten in Typescript, and upgraded to WebExtensions 1 year ago

README.md

HashLock - Secure passwords for Firefox

About

HashLock is an add-on for the Mozilla Firefox web browser, allowing you to use a different password on each website.

Important note : This is alpha software, and is not yet available on the official add-ons store. Use at your own risks.

Security

Having a different password on each website is a strong security recommendation. This way, if a website is hacked, and your password is stolen, it can't be used on every website you've got an account on.

This add-on helps by generating a unique password for you, on each website you visit. The password is generated from 3 components :

  • The website main name (for example, if you're visiting http://www.mozilla.com/en/, the part mozilla will be used)
  • A private key (only visible in the options page, you never have to type it)
  • A common password you have to type (it can be a trivial word like banana without security risk)

The private key is added as an extra layer of security. The only downside of it is you have to keep it in a safe place, and you get to have it if you're not on your usual computer.

Installation

Once reaching a beta stage, the add-on will be made available from the official add-ons store.

If you are a developer, you can clone the repository, and use these commands to test the add-on:

./hashlock install
./hashlock run build
./hashlock run browser

Usage

On the first install, the add-on will generate a unique private key. This key is accessible from the add-on's options page. This key is very important and you should keep a copy of it in a safe place. Don't change this key once it has been used to generate a password, or the password will change too.

Now, when you have a password field on a website, all you need to do is type inside a simple keyword of your choice, followed by the dash sign # (for example, type foobar#). You can use the same keyword on each site (it is even recommended). Once you click outside the password field, a secure password, unique to this website, will replace the typed one. The field should get surrounded by a yellow frame, so that you know it worked.

The only thing you have to remember is the keyword you typed before the dash sign, and always use it.

Sources

Sources can be found, reviewed, or contributed to, on GitHub.