kestas.kuliukas.com

MultiPass - Easy, safe, simple password manager

MultiPass is a simple, secure, portable app which combines a secret master-password with the name of any number of websites you need passwords for, to create unique, secure passwords for each website. All you need to remember is your master-password and the name of the website and you can re-generate all your secure passwords.

Why? - How? - Usage - Features - Changelog

Get MultiPass: Windows - Linux - JavaScript


Why use it? - The problems MultiPass solves

If you visit lots of websites you'll need lots of user accounts, which means lots of passwords. The problem is we don't have perfect memory, so we end up compromising in some way:

An ideal solution would need a few features:


How MultiPass works

The user provides the master password and the name of the site/application which the password is meant for. The two parameters are hashed into a sequence of bits, which is reduced into a password.
This generated password cannot be used to find the master-password or any other generated passwords.

Put more simply: Master-password + URL -> Scramble -> New password for URL

Nothing needs to be stored, nothing can be lost: As long as you remember the master password you'll be able to regenerate all your passwords at any time, yet each password generated will be unique and secure.

The code used to do this is simple and portable enough to be implemented in the browser using JavaScript (see below), so it can be implemented however/wherever required.


Using MultiPass

- Open

- Enter password

Choose a master-password: This must remain secret and not be used elsewhere, and like all passwords it should be long and secure.
The scrambled master-password on the right is the confirm-code, used later to check that the correct password has been entered.

- Confirm

Now the master-password is confirmed by entering it again, to make sure there were no typos. The two confirm-codes match, so URL/name is enabled.

- Enter URL/Name

Anything you need a password for can now be generated here: Just type the URL/name in and the master-password and URL/name will be combined and scrambled to generate a secure password.

- Generate many secure passwords

By clicking Save to save URLs/names you don't have to enter the full name in every time you need the password. All the URLs/names you save are saved to the drop-down list.

- Open again to retrieve passwords

When you open it up the next time the confirm-code is still on the right.

- Enter password

As you enter in the master-password you chose last time the new confirm-code is checked against the saved one.
(If the master-password is forgotten the confirm-code won't be any help in getting it back.)

- Generate/re-generate passwords

Once the new confirm-code matches the saved one you must have entered the correct master-password, so your password is instantly confirmed without typing it again.

URLs/names and confirm-codes are stored only to make things faster; all you need to know to generate your passwords is the master-password and the URLs/names.

You can try this out for yourself: Use a master-password of "atestpassword", and a URL/name of "http://kestas.kuliukas.com/MultiPass/", and you'll get a generated password "FXdxJw4Jz2"


Other features


Changelog


Get MultiPass ..

.. for Windows

Install MultiPass. Download MultiPass standalone exe. Download MultiPass source code.

.. for Linux

MultiPass on Ubuntu Linux 10.04 via Mono.

Having to briefly go back to Linux recently I expected I'd need to rewrite this in Java to get access to all of my passwords, but I was stunned at how effectively MonoDevelop imported the Visual Studio solution, compiled it into a .exe that runs on Windows and Linux (via mono) without any changes to the source required.
After this I found that even that wasn't necessary, and that mono can run the Windows compiled exe file below, which is pretty impressive.

So; download MultiPass.zip, extract MultiPass.exe, ensure Mono is installed, and run it using:
$ mono MultiPass.exe

.. in JavaScript

This JavaScript web-browser MultiPass implementation gives a good demo of what MultiPass is, and shows the simplicity and portability of the algorithm. For security and convenience reasons it isn't intended as an alternative to the actual app, just as a demo.

It could be used as a last-resort if you are unable to run programs on a computer but need to know passwords (the reason it was made), but only if you have downloaded and checked a copy of the .js files from a trusted connection.

Do not enter a master-password which you use for serious passwords into any remote web-page, ever!

Seeing this message means MultiPass.js didn't initialize correctly, please check your browser's error console and e-mail me with the details at kestas.j.k@gmail.com.

*Thanks to Paul Johnston for this JavaScript MD5 library.

The passwords generated are the same as the app itself, given the same inputs; try "atestpassword" and "slashdot.org" as in the screenshot above.