Show HN: PW - Simple, secure & cross-platform password generator (simontabor.com)
Why does it need the service and a password, isn't it generating a password? And how is it cross-platform, it looks like it's web based?
https://github.com/simontabor/pw - it's got node-webkit so there's a mac app in that repo and should also work on Windows + Linux nicely (this is simply to take it out of the browser where it's easy to lose tabs and put it in a clean, small window)
This is a quick alternative that should work on Mac OS and Linux, and Windows when openssl has been installed in a similar way.
I usually just use a single password across most services, so they all know your password, even if you trust them not to store it in plain text. It's infinitely more secure to use something like PW, never entering your main/master password into any other services and then have a generated hash that really means nothing to anyone (can't be decoded or anything stupid). The length factor here makes very little difference, and only you need to know that you use a 40-character password (yes, 40, which I bet is longer and more secure than your current password(s)).
How would you randomise the length of the password in a repeatable + secure manner?
There is a reason passwords like 'the old lemon man jumped high as a pokemon' are getting more popular.
You could easily just use 'servicename||this is my secure password' as your password, but it's still obvious what the pattern is to anyone who obtains that password, rather than getting 404fC7C426Cb6cD694E6C2Ee828c133fA771AcC8. You should be able to leave your password and email address in public places without anyone being able to have any significant effect on your security (they might gain access to one service).
A full search of the password space that this outputs would take ~10^50 years at the moment, on high-end hardware, and shouldn't be susceptible to attacks on patterns, assuming SHA is working properly.
One thing I would say is that with something like this you might as well just remember a really long password and tag on the name of the service at the beginning; that will give you (arguably) more security. Something like hackernewsFe26476e75256504234fC7CbBcE05aEd704b94A2.
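The idea discussed in this thread, deriving a per-service password from a master password and a service name, sketched as an added example (not PW's code and not written by any commenter). It assumes PBKDF2-HMAC-SHA256 rather than a single SHA pass, so that a derived password which leaks from one service is slow to check master-password guesses against; the iteration count, salt prefix and length range are assumptions, and the optional varying length is taken from the derived bytes so it stays repeatable.

```python
import hashlib

ITERATIONS = 200_000           # assumed work factor, not taken from PW
MIN_LEN, MAX_LEN = 24, 40      # assumed range for the repeatable-length variant
SALT_PREFIX = b"pw-example:"   # hypothetical domain-separation label


def _stretch(master: str, service: str, nbytes: int) -> bytes:
    """Slow, deterministic key stream for one (master, service) pair."""
    if not master or not service.strip():
        raise ValueError("master password and service name are both required")
    # The normalised service name is the salt, so "GitHub" and "github " agree
    # while two different services get unrelated outputs.
    salt = SALT_PREFIX + service.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), salt, ITERATIONS, dklen=nbytes
    )


def site_password(master: str, service: str, vary_length: bool = False) -> str:
    """Return a hex password of up to MAX_LEN characters for one service."""
    # First 2 bytes choose the length, the rest become the password itself.
    raw = _stretch(master, service, 2 + MAX_LEN // 2)
    length = MAX_LEN
    if vary_length:
        span = MAX_LEN - MIN_LEN + 1
        # 16 bits reduced modulo 17 values: the bias is negligible here.
        length = MIN_LEN + int.from_bytes(raw[:2], "big") % span
    return raw[2:].hex()[:length]


if __name__ == "__main__":
    # Constructed sample inputs.
    master = "the old lemon man jumped high as a pokemon"
    for svc in ("hackernews", "github"):
        print(svc, site_password(master, svc))
        print(svc, site_password(master, svc, vary_length=True))
```

Hex output carries 4 bits per character, so the 40-character form holds 160 bits; the master password remains the only secret and sets the real strength of every derived password.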