EXTPOSE
Forever Passwords icon

Forever Passwords

Extension Actions

How to install Open in Chrome Web Store
CRX ID
aohkhcakomhokchkbbpnfpglllphpiep
Description from extension meta

Using one secret word or phrase, unique passwords are calculated using the SHA-1 hash function for each website or program

Image from store
Forever Passwords
Description from store

# About Forever Passwords

Using one secret word or phrase, unique passwords are calculated using the SHA-1 hash function for each website or program. Your passwords are 'not stored' on your device or in the cloud.

# How to use Forever Passwords

- https://vpelss.github.io/Forever_Passwords
- Select an Alias: Usually based on a website url (eg: emogic,com)
- Select a Secret: A long, complex, hard to guess word or phrase (eg: The Sound of Music).
- Your password is in the Answer box. The Secret and Alias are used together to calculate all your Answer/Passwords using the SHA-1 hash function
- click 'Copy/Save' and use. Note, when you click 'Copy/Save', your url will be saved in the URL/Alias dropdown menu. You can export this Alias list to be used in Forever Passwords in another browser. It is STRONGLY suggested you keep a recent backup of this alias list.
- Please click Clear/Reset after you have pasted your password. This clears your Secret and the clipboard.

eg:
- Alias: www.emogic.com
- Secret: TheSoundOfMusic
- Answer/Password: VZN8y0YedQO8yE+I9soWniRyPhE=

# Recommendations

- store a local copy of this program (Forever Passwords) in the case our emogic.com, github or the internet is temporarily down. Have a backup plan! Download a copy to your PC. File->Save Webpage Complete
- do not use your Secret anywhere else. eg as a password on a web site
- your Secret should be long, complex, and impossible to guess
- Do not save your Secret in the browser cache or in a password manager
- Clear your password in Forever Passwords after use. Click Clear/Reset
- You should use a different password on every web service you use. This will happen automatically if you use the site URL as the Alias field.

# PWA

You can now install Forever Passwords as a Progressive Web App (PWA) if desired from https://vpelss.github.io/Forever_Passwords/

- From a PC usually there should be an install icon is just right of the url box
- On a Android phone it is usually under the upper three vertical dots, then 'Install App'
- On an IPhone using Chrome, use the share icon on the right of the url bar, then more, then 'Add to Home Screen'

# Possible issues

- A single url requires multiple passwords eg: wwww.mysite.com and cpanel.mysite.com : solution, add www or cpanel to the Alias, not just mysite.com
- A website might not like the password generated. eg: too long, no special characters allowed
- If your password is compromised (via shoulder surfing or malware), you need to decide how to generate a new one using your easy to remember rules. Eg: Add 'compromised' to the Alias (emogic.com.compromised) or (1.emogic.com)

Notes: Spaces are not allowed in the Alias field or the Secret field. The reason is that trailing spaces are not visible, but may be present, and this will create a different password and potentially cause confusion.

The following link is a good password policy resource. See how secure your password is.
https://www.grc.com/haystack.htm

# Also

You can do the same password generation from a shell or command line:

On MAC using
echo -n "mysecret+url" | shasum | xxd -r -p | base64

or

On Linux using
echo -n "mysecret+url" | sha1sum | xxd -r -p | base64

backup.php is for browsers that can't run the JS version.

# Based On

Based on PWCalc a password calculator:

https://chrome.google.com/webstore/detail/sha1-password-calculator/gfdaokhcoidlgljipinbbcafapmmdanb

https://extensions.gnome.org/extension/825/password-calculator/

https://bixense.com/pwcalculator/

The programs above, while excellent, are limited to where they can be used. So I wrote Forever_Passwords in HTML/Javascript to attempt to make it accessible to all platforms and browsers. Its single file design allows you to easily store the code locally for stand alone systems. Tested with newest Chrome, Firefox, and Edge.

# Technical

We take an alias (web url) and join it to a Secret then feed that merged string to a SHA1 routine. SHA1 gives us a 20 byte hash value (message digest) rendered as 40 hexadecimal digits. Then we convert the 40 hex digits to binary. Then convert the binary data to Base64 which gives us a wider spectrum of characters. In essence, we convert the SHA1 Hexadecimal message digest to Base64. This value is the password.

# Created By

https://www.emogic.com/