|
|
Hi,
Thanks for the great tool. I've been thinking about doing something along these lines and was wondering if the idea has any merit, either as an SPG enhancement or as something I do on my own.
My twist is that a user would generate many more versions of an SPG-style bookmarklet, probably one per site. This would allow per site customization and use the browser bookmark manager as kind of a library of hashed logins.
For reference, I am the developer of the Password Hasher Firefox extension. The problem is that I switched to Chrome, use Safari on iPhone, sometimes IE at work, and will use whatever device and browser suits me in the future. So a single browser extension doesn't work. PH does allow per-site customization of the generated password and remembers the settings in the browser password database.
I'm thinking that a bunch of bookmarklets could do the same thing in a cross-browser manner. Plus they can be backed up, synched, etc.. You're not relying on a particular tool or a cloud website that may go out of business.
Obviously the per-site settings are world-readable, but don't have your actual master key. It could be tweaked to save a mask to generate existing non-hashed passwords.
So the concept is that when you want to create a new hashed password you would crank up a site or a tool that generates a bookmarklet based on options you choose. It could have a friendly name like "My login for Amazon.com". You could use categorized bookmark folders, keywords, etc. to sort and access the many logins.
Is this a dumb idea? If not, is it something SPG would want to tackle? Otherwise I'd give it a shot.
Cheers,
Steve
|
Locked
