Password generator

Michaël Lemaire f3c2ffe7ed Fixed publish 2 months ago
cli f720b8991f Added CLI 2 months ago
dist f3c2ffe7ed Fixed publish 2 months ago
src f720b8991f Added CLI 2 months ago
.editorconfig 3ed7dcdc81 Version 1.1.0 6 months ago
.gitignore f3c2ffe7ed Fixed publish 2 months ago
.npmignore f3c2ffe7ed Fixed publish 2 months ago
README.md f4badc8923 Fixed npm publish 2 months ago
activate_node f720b8991f Added CLI 2 months ago
manifest.json f720b8991f Added CLI 2 months ago
package-lock.json f3c2ffe7ed Fixed publish 2 months ago
package.json f3c2ffe7ed Fixed publish 2 months ago
tsconfig.json f4badc8923 Fixed npm publish 2 months ago

README.md

HashLock - Secure passwords for Firefox

About

HashLock is an add-on for the Mozilla Firefox web browser, allowing you to use a different password on each website.

Important note : This is alpha software, and is not yet available on the official add-ons store. Use at your own risks.

Security

Having a different password on each website is a strong security recommendation. This way, if a website is hacked, and your password is stolen, it can't be used on every website you've got an account on.

This add-on helps by generating a unique password for you, on each website you visit. The password is generated from 3 components :

  • The website main name (for example, if you're visiting http://www.mozilla.com/en/, the part mozilla will be used)
  • A private key (only visible in the options page, you never have to type it)
  • A common password you have to type (it can be a trivial word like banana without security risk)

The private key is added as an extra layer of security. The only downside of it is you have to keep it in a safe place, and you get to have it if you're not on your usual computer.

Installation

Once reaching a beta stage, the add-on will be made available from the official add-ons store.

If you are a developer, you can clone the repository, and use these commands to test the add-on:

npm install
npm run build
npm run browser

Usage

On the first install, the add-on will generate a unique private key. This key is accessible from the add-on's options page. This key is very important and you should keep a copy of it in a safe place. Don't change this key once it has been used to generate a password, or the password will change too.

Now, when you have a password field on a website, all you need to do is type inside a simple keyword of your choice, followed by the dash sign # (for example, type foobar#). You can use the same keyword on each site (it is even recommended). Once you click outside the password field, a secure password, unique to this website, will replace the typed one. The field should get surrounded by a yellow frame, so that you know it worked.

The only thing you have to remember is the keyword you typed before the dash sign, and always use it.

The site tag used to generate the password is extracted from the site's domain (eg. www.example.com will use example as site tag). If the site detection is wrong, or if the password has been created on another domain (for example, live.com and microsoft.com share the same password), you can specify the site tag with the syntax foobar@sitetag#.

By default, generated passwords are composed of 12 alphanumeric characters. To generate different length, or character sets, the syntax foobar~12w# can be used. The number is the length of generated password, and the letter is either w for alphanumeric, d for digits or c for alphanumeric with a special character.

All syntaxes may be combined: foobar@sitetag~14d#.

Sources

Sources can be found, reviewed, or contributed to, on GitHub.