PswGen Toolbar v2.0

Author(s):



FREE to install and use. No limitations, no nag-ware, no adverts.

If you do find this toolbar useful, consider making a donation? All proceeds go straight to The Mozilla Foundation.

Nothing to remember, write down or save. About as safe as passwords get.

The first time you need a password, enter your common name, and a secret word and number that only you know, and set the desired length (default 8). Now, as you browse around the web, it will update the site name and generate passwords for you on the fly. Press the Copy button to shove the current one into the clipboard, then paste it where you need it. Since you never type it, there's nothing for keyloggers to log! The next time you're on the same site (assuming you entered the same static details), it'll generate the same password.

"What does this thing do?"

In plain English, it uses your common everyday general-purpose password and secret-number inputs to make a really high-strength password.

Getting slightly technical: It takes your input values, uses them to create a secure hash (with SHA512, in case you were wondering), then uses that to look up characters to generate a strong, collision-resistant, rubbish-looking password.

If you want more details, just leave a comment on the blog site and I'll be happy to get in touch. There's NO magic here, it's just a consolidated implementation of solid existing technologies.

"And why would I care?"

Random-looking passwords are good. Predictable passwords are not. If you, for example, use a five-character password composed of lower-case letters only, that represents 26^5 or 11,881,376 possible combinations. Assuming a serious computer could try a thousand a second, it would take 11,881 seconds or about three hours and twenty minutes to iterate through all of them. That's not a lot of time! And on average you'll hit the solution in half that time. Of course, depending on what the password is being used for, and in fact in most cases, you simply cannot try a thousand times every second. But we're looking at worst-case and best-protection here.

Taking that same situation, but using a 5-character password generated on this site, there would be 65^5, or 1,160,290,625 permutations, meaning that the same serious computer attempting the same crack-attacks would take 1,160,290 seconds or 322 hours. That's one hundred times stronger. In fact, it's probably a lot stronger as you may well have used a predictable (or slightly mangled) word as your password, which makes it susceptible to a dictionary attack. Switching to a character-set which uses upper-case and lower-case letters along with numbers and symbols adds an enormous amount of strength, and makes passwords much more resistant to dictionary attacks.

** Longer Is Stronger **

Taking the above example even further, let's just add one more character to it. This doesn't make the password slightly stronger as you might think, it makes it SIXTY-FIVE times stronger. Yes, the number of permutations is now up to 65^6, or 75,418,890,625 which would now take that nasty cracking monster nearly two and a half years to chew through. Even the brute-force crackers would probably give up at this point and move on to an easier target. Let's get extreme here and take it up to ten characters. Now you have 65^10 or 1,346,274,334,462,890,625 permutations taking over 42 million years to test. You're now at the level of password complexity that would require a botnet of a hundred thousand monster cracker computers 213 years of full-time work, on average, to break. I think by now you've probably got the point.

"Why can't I just use the same password everywhere?"

If the key to your car is stolen, you might lose your car. If that same key is used to access your house, safe, motorcycle, gym locker, safety-deposit box, office, postbox, garage and garden shed, you could lose just about everything you own. Think about it.

Now think about this: that key gets copied by the mechanic who services your car. Somebody that you just hand it over to, somebody who needs it. There's no avoiding giving him the key. So why give him the key to your entire life? Just give him the car key! It's exactly the same with passwords. NEVER use the same password in more than one place, there is always a chance that somebody peeks at it, and tries it (along with the same email address you registered with) on various other common sites. Before you know it, your online accounts have been hijacked. Just don't do it! Rather use utilities like this to generate unique strong passwords for each site or service. You retain the keys that can unlock the passwords, they see only what they need. Nobody ever gets your password for another site.

"What do you do with my information?"

I use it to generate a password for you. That's all. The details you entered are not retained, transmitted or recorded by this addon. Don't take my word for it. Browse the source code and verify for yourself.

"How can I get in touch with the author?"

I'd love to hear from you. Leave a comment here and I will respond. Or follow the links to my blog site - if you register and leave a comment there I'll be able to email you directly.

Download files:

pswgen-toolbar-2.0.1-signed.1-signed.xpi


This page is part of the LegacyCollector website.
Disclaimer: All material on this site is property of their respective owners and available under
open licenses to the best of our knowledge. If you are an author and would like anything removed,
then please write an e-mail to legacy [at] collector dot org.