JavaScript Password Manager

What is a password manager?

See the Wikipedia article. In short, password managers are used to recall one of multiple passwords for different purposes using a single “master password” (or passphrase, or key). Keep in mind, however, that this is not a regular password manager; we do not store your passwords at all.

How does it work?

Instead of storing your passwords (encrypted or not), the passwords are generated using your master passphrase plus a modifier tag as the input to a cryptographic hash function. The hash function ensures that 1. nobody will be able to determine your master passphrase given one (or more) of your passwords; and that 2. your passwords are hard to crack using brute force.

How do I use it?

Enter your master passphrase and a tag for the password and click “Generate password”. It's that easy!

Is it safe?

Well, that depends. The most likely threat to safety is that your computer gets infected with a key logger that records your passphrase and transmits it to the hacker who installed the key logger. Another plausible threat is that somebody hacks the web server that hosts the password manager and modifies it to steal the passphrases of all the users of this service. One way to mitigate these threats is to download the password manager to your own computer and disconnect the computer from the Internet.

What is a (good) passphrase?

See the Wikipedia article. Please see the xkcd comic “Password Strength” for an illustration of why passphrases are better than passwords. Your passphrase should have at least 5 random words or 12 random alphanumeric characters.

What is the purpose of the “tag” field?

The tag is a short string that identifies the purpose of the password you want to generate. For example, if you would like to use the password manager for your amazon.com account, you could enter “amazon” here. (You will, of course, also have to remember the tag you used when you first set your password at the website in question. For this reason, we suggest that tags are entered as single, lowercase words. Use “yahoo” for your Yahoo! account, “gmail” for your Gmail account, “hotmail” for your Hotmail account, etc.)