kestas.kuliukas.com

MultiPass - Easy, safe, simple password manager

MultiPass is a simple Windows program which combines a secret master-password with the name of any number of websites you need passwords for, to create unique, secure passwords for each website. All you need to remember is your master-password and the name of the website and you can re-generate all your secure passwords.

The problems MultiPass solves

If you visit lots of websites you'll need lots of user accounts, which means lots of passwords. The problem is we don't have perfect memory, so we end up compromising in some way:

• Using an easy to remember and easy to guess password
• Using the same password in lots of places, which means an attacker with access to one of your sites can access all your other sites
• Post-it notes/password libraries, which means an attacker only needs to find/access this list to get access to everything, or it may get lost resulting in you being locked out of all your accounts

An ideal solution would need a few features:

• The passwords are impossible to guess and secure
• The passwords are not stored anywhere, but can be regenerated whenever/wherever needed
• The access to your passwords is protected with a master-password, which itself should not be stored anywhere
• It shouldn't require new technology like smart-cards or biometric readers; it has to fit into all user/password systems

How MultiPass works

The user provides the master password and the name of the site/application which the password is meant for. The two parameters are hashed into a sequence of bits, which is reduced into a password.
This generated password cannot be used to find the master-password or any other generated passwords.

Put more simply: Master-password + URL -> Scramble -> New password for URL

Nothing needs to be stored, nothing can be lost: As long as you remember the master password you'll be able to regenerate all your passwords at any time, yet each password generated will be unique and secure.

Using MultiPass

- Open

- Enter password

Choose a master-password: This must remain secret and not be used elsewhere, and like all passwords it should be long and secure.
The scrambled master-password on the right is the confirm-code, used later to check that the correct password has been entered.

- Confirm

Now the master-password is confirmed by entering it again, to make sure there were no typos. The two confirm-codes match, so URL/name is enabled.

- Enter URL/Name

Anything you need a password for can now be generated here: Just type the URL/name in and the master-password and URL/name will be combined and scrambled to generate a secure password.

- Generate many secure passwords

By clicking Save to save URLs/names you don't have to enter the full name in every time you need the password. All the URLs/names you save are saved to the drop-down list.

- Open again to retrieve passwords

When you open it up the next time the confirm-code is still on the right.

- Enter password

As you enter in the master-password you chose last time the new confirm-code is checked against the saved one.
(If the master-password is forgotten the confirm-code won't be any help in getting it back.)

- Generate/re-generate passwords

Once the new confirm-code matches the saved one you must have entered the correct master-password, so your password is instantly confirmed without typing it again.

URLs/names and confirm-codes are stored only to make things faster; all you need to know to generate your passwords is the master-password and the URLs/names.

You can try this out for yourself: Use a master-password of "atestpassword", and a URL/name of "http://kestas.kuliukas.com/MultiPass/", and you'll get a generated password "FXdxJw4Jz2"

Other features

• Multi-pass will clear the master-password if it is left unattended for 2 minutes, so no-one can generate your passwords if you leave your desk and forget to lock.
• Once your master-password is confirmed the URL/name will be set to the last saved URL/name that was used.
• The generated password is copied to your clipboard, so once the password you want is generated it can be pasted wherever it's needed.
• No installation is required, it's just a single file.
• It's open-source, you can check to see exactly what it's doing.

Versions

• 1.1: Generated password copied to clipboard
• 1.2: URL/Name can be saved into a list, password confirmed from saved code
• 1.3: URL/Name list can be backed up to text file
• 1.4: Window will stay on top of other windows while open

Download MultiPass. Download MultiPass source code.