Doom, Hacker, Doom!
Well. We have all heard about these big hacks being done.
Honesty
And put your hand on your heart (such that you speak the truth, you devil...), and then say after me: "Re-using the same password on all sites is not a good idea".
60% of us professionals are re-using the same password here and there.
Password Sites
These sites indeed do work. Surely they can also keep your password very well. But. Now your password is again on some site somewhere - which can - of course - be hacked. Suuuuurely they will tell you EVERYTHING about how their site is SAAAFE, and so on and so forth - but - how about if the site gets hacked and just simply plain DELETED?
A script may be the solution
Now, here it goes. Why don't you copy the code put here below, and refit it if you want, into what you would like? It takes a website, and then you put your own generic password there, and even a seed of your choice - a number you can remember well - and then you paste the website into the website field, and click on generate, and woops, out comes a password.
It keeps your seed in your own browser and does the same with the password. So, if you use this page (store it on your own site in a PHP file, for instance named hash.php) on both your mobile phone and several of your own computers, then you must type your password and seed at least once. Note that the username is not there. So, now the username is suddenly the secret. Any user who does not have access to your own computer or your own mobile phone will have quite some difficulty getting your password and seed out.
Same Password, same Seed ==> different code per site visited
So. You will now be able to keep your password the same, while now a different code will be generated for each site you visit. Finally, when the code has been generated, it is stored in the copy-buffer, so that you can simply paste it into the site where you are logging into.
This algorithm is indeed not perfect in terms of fitting all these insane password rules - surely that will take some adaptation - so, you may have to modify it. Beware that already generated passwords - all of them - depend on the algorithm, so if you change the algorithm, then every generated password will change.
However. I will now revisit the more than 600 identical passwords I have been using, because - a site where I have used one of these, has been hacked. So, now it was time to get this done.
I am, however, not in any imminent danger - because I have secured myself by other means, 2 Phase login, SMS, OTPs etc., but, now it has become time for me to secure myself, in a way which is super simple.
Try it out here if you want
Now. If you want to try how it works, then just get onto
- where I have implemented it for the fun of it. But, even though I do not store passwords or seeds generated on the server, I may change the algorithm as I am experimenting with it. So it is not a stable source for generating your own password.
Also note that the script, while written in PHP, is mainly made in JavaScript, so it runs in the browser. You can see all of that below, where the code has been copied in full.
If you are not a coder, then you can get someone to put it on a server somewhere. If you want to run it on your own server, then install an XAMPP or LAMP stack on your computer and run it as a PHP script on your own computer. If many would want it, I will create a stable version and put it online, then you can all use it as you want. But best would be that you simply pick this code, check it out (or have someone do it for you), then fit it to your needs (or just implement it), and start changing all your passwords.
Warning
It is obvious that any use of it is at your own risk and peril.
It is for a coder, so you are on your own, even though naturally you can ask questions :-)...
Well. Here we go. Here is the code:
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Password Memorizer</title>
  <style>
    body {
      font-family: Arial, sans-serif;
      background-color: #003366; /* Dark blue background */
      color: white;
      display: flex;
      justify-content: center;
      align-items: center;
      height: 100vh;
      margin: 0;
    }
    .container {
      background-color: #0055A4; /* Slightly lighter blue background for contrast */
      padding: 20px;
      border-radius: 8px;
      box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
      text-align: center;
    }
    input[type="text"], input[type="password"], input[type="number"] {
      width: 250px;
      padding: 10px;
      margin: 10px 0;
      border: 1px solid black;
      border-radius: 5px;
      box-sizing: border-box; /* Makes sure padding does not affect the width */
    }
    button {
      background-color: #0066CC;
      color: white;
      border: none;
      padding: 10px 20px;
      text-align: center;
      text-decoration: none;
      display: inline-block;
      font-size: 16px;
      margin: 4px 2px;
      cursor: pointer;
      border-radius: 5px;
    }
    h2 {
      margin-bottom: 20px;
    }
  </style>
  <script>
    // On window load, restore the seed and the password from their cookies, if present
    window.onload = function() {
      var seed = getCookie("seed");
      if (seed) {
        document.getElementById('seed').value = seed;
      }
      var cookPassword = getCookie("password");
      if (cookPassword) {
        document.getElementById('password').value = cookPassword;
      }
    };

    // Extract the hostname from whatever was pasted into the website field
    function getDomain(url) {
      try {
        // Attempt to create a URL object
        return new URL(url).hostname;
      } catch (error) {
        // If an error occurs, assume it's due to a missing protocol and prepend 'https://'
        try {
          // Retry with a default protocol
          return new URL('https://' + url).hostname;
        } catch (retryError) {
          // If it still fails, log the error
          console.error("Invalid URL provided:", url);
          return null;
        }
      }
    }

    function generateHash() {
      var website = document.getElementById('website').value;
      var password = document.getElementById('password').value;
      var seed = document.getElementById('seed').value;
      var domain = getDomain(website);
      if (!domain) {
        // Do not hash the literal string "null" when the website cannot be parsed
        document.getElementById('result').value = '';
        return;
      }
      var input = domain + password + seed; // Using the seed as salt
      document.getElementById('website').value = domain;
      input = input.toLowerCase(); // Note: this also lowercases the password
      // Store the seed and password in cookies.
      // Note: cookies are sent back to the server hosting this page with every request.
      setCookie("seed", seed, 365); // remain with this seed unless changed. (For ease, as it is personal, stored in the person's own browser etc.)
      setCookie("password", password, 365); // remain with this password unless changed.
      crypto.subtle.digest('SHA-256', new TextEncoder().encode(input))
        .then(hashBuffer => {
          var base64String = btoa(String.fromCharCode.apply(null, new Uint8Array(hashBuffer)));
          var processedString = processBase64String(base64String);
          document.getElementById('result').value = processedString;
          // Return the promise so a clipboard failure reaches the catch below
          return navigator.clipboard.writeText(processedString);
        })
        .catch(err => console.error(err));
    }

    function processBase64String(base64String) {
      // Take the first 10 characters
      var first10 = base64String.slice(0, 10);
      // Prefix 'K' and replace the character at index 6 with '.'
      first10 = 'K' + first10.slice(0, 6) + '.' + first10.slice(7, 10);
      return first10;
    }

    // Function to get a cookie by name
    function getCookie(name) {
      var nameEQ = name + "=";
      var ca = document.cookie.split(';');
      for (var i = 0; i < ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0) == ' ') c = c.substring(1, c.length);
        // Decode the value that setCookie() encoded
        if (c.indexOf(nameEQ) == 0) return decodeURIComponent(c.substring(nameEQ.length, c.length));
      }
      return null;
    }

    // Function to set a cookie
    function setCookie(name, value, days) {
      var expires = "";
      if (days) {
        var date = new Date();
        date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
        expires = "; expires=" + date.toUTCString();
      }
      // Encode the value so characters such as ';' or '=' in a password do not corrupt the cookie
      document.cookie = name + "=" + encodeURIComponent(value) + expires + "; path=/";
    }
  </script>
</head>
<body>
  <div class="container">
    <h2>Password Memorizer</h2>
    <div>
      <label for="website">Website:</label>
      <input type="text" id="website" name="website">
    </div>
    <div>
      <label for="password">Password:</label>
      <input type="password" id="password" name="password">
    </div>
    <div>
      <label for="seed">Seed (Salt):</label>
      <input type="number" id="seed" name="seed">
    </div>
    <div>
      <button onclick="generateHash()">Generate Hash</button>
    </div>
    <div>
      <label for="result">Result:</label>
      <input type="text" id="result" name="result" readonly>
    </div>
  </div>
</body>
</html>
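The derivation performed by generateHash() and processBase64String() above, re-implemented for Node.js so that its edge cases can be checked offline, next to a hypothetical hardened variant. This is an added example, not the article's code; pageDerive, hardenedDerive, compare, the PBKDF2 parameters and the sample inputs are assumptions made for illustration.

```javascript
// Added example, not the article's code: Node.js re-implementation for offline checks.
const { createHash, pbkdf2Sync } = require('node:crypto');

// Same steps as generateHash() + processBase64String() in the article:
// lowercase(domain + password + seed) -> SHA-256 -> base64 -> reshape 10 chars.
function pageDerive(domain, password, seed) {
  const input = (domain + password + seed).toLowerCase();
  const b64 = createHash('sha256').update(input, 'utf8').digest('base64');
  const first10 = b64.slice(0, 10);
  // The character at index 6 is dropped and replaced by '.', as in the article.
  return 'K' + first10.slice(0, 6) + '.' + first10.slice(7, 10);
}

// Hypothetical hardened variant (an assumption, not from the article).
function hardenedDerive(domain, password, seed, iterations = 600000) {
  // Length-prefix each salt field so the field boundaries cannot be shifted.
  const salt = [domain.toLowerCase(), String(seed)]
    .map((f) => Buffer.byteLength(f) + ':' + f)
    .join('|');
  // PBKDF2 makes every offline guess cost `iterations` HMAC-SHA-256 calls.
  const key = pbkdf2Sync(password, salt, iterations, 32, 'sha256');
  return key.toString('base64url').slice(0, 20); // 120 bits of output
}

// Constructed sample inputs; none of these are real credentials.
function compare(derive) {
  const base = derive('example.com', 'hunter', '123');
  return {
    perSiteDiffers: base !== derive('example.org', 'hunter', '123'),
    // 'hunter1' + '23' and 'hunter' + '123' concatenate to the same string.
    boundaryCollides: base === derive('example.com', 'hunter1', '23'),
    // Upper case in the master password is discarded by toLowerCase().
    caseCollides: base === derive('example.com', 'Hunter', '123'),
  };
}

const ARTICLE = compare(pageDerive);
const HARDENED = compare(hardenedDerive);
console.log('article scheme :', ARTICLE);
console.log('hardened scheme:', HARDENED);
```

Only 9 of the 11 characters in the article's output vary (the leading K and the dot are fixed), so it carries at most 54 bits. Switching to any variant such as the hardened one changes every password already generated.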
Once you have done this, and visited the hundreds of sites and changed your password (and remember that you cannot change the algorithm after that - so make any changes first) - then hopefully I will see you here where I am going to be resting: