Mozilla Firefox plugin to generate unique passwords on each website

Michaël Lemaire 6c965d515b Version bump 1 month ago
out aaa0176bd9 Bind dynamically created inputs too 1 month ago
src aaa0176bd9 Bind dynamically created inputs too 1 month ago
.gitignore 80e9964604 Rewritten in Typescript, and upgraded to WebExtensions 1 year ago
README.md 19425da238 Fixed sitetag parsing for .co.uk domains 1 month ago
activate_node 19425da238 Fixed sitetag parsing for .co.uk domains 1 month ago
manifest.json 6c965d515b Version bump 1 month ago
package-lock.json 19425da238 Fixed sitetag parsing for .co.uk domains 1 month ago
package.json 19425da238 Fixed sitetag parsing for .co.uk domains 1 month ago
tsconfig.json 19425da238 Fixed sitetag parsing for .co.uk domains 1 month ago

README.md

HashLock - Secure passwords for Firefox

About

HashLock is an add-on for the Mozilla Firefox web browser, allowing you to use a different password on each website.

Important note : This is alpha software, and is not yet available on the official add-ons store. Use at your own risks.

Security

Having a different password on each website is a strong security recommendation. This way, if a website is hacked, and your password is stolen, it can't be used on every website you've got an account on.

This add-on helps by generating a unique password for you, on each website you visit. The password is generated from 3 components :

  • The website main name (for example, if you're visiting http://www.mozilla.com/en/, the part mozilla will be used)
  • A private key (only visible in the options page, you never have to type it)
  • A common password you have to type (it can be a trivial word like banana without security risk)

The private key is added as an extra layer of security. The only downside of it is you have to keep it in a safe place, and you get to have it if you're not on your usual computer.

Installation

Once reaching a beta stage, the add-on will be made available from the official add-ons store.

If you are a developer, you can clone the repository, and use these commands to test the add-on:

npm install
npm run build
npm run browser

Usage

On the first install, the add-on will generate a unique private key. This key is accessible from the add-on's options page. This key is very important and you should keep a copy of it in a safe place. Don't change this key once it has been used to generate a password, or the password will change too.

Now, when you have a password field on a website, all you need to do is type inside a simple keyword of your choice, followed by the dash sign # (for example, type foobar#). You can use the same keyword on each site (it is even recommended). Once you click outside the password field, a secure password, unique to this website, will replace the typed one. The field should get surrounded by a yellow frame, so that you know it worked.

The only thing you have to remember is the keyword you typed before the dash sign, and always use it.

Sources

Sources can be found, reviewed, or contributed to, on GitHub.