SuperGenPass allows you to remember just one password (your “master password”), which is used to generate unique, complex passwords for the Web sites you visit. SuperGenPass is a bookmarklet, so there’s no software to install. It works right from your Web browser and integrates with login forms. SuperGenPass never stores or transmits your passwords, so it’s easy and safe to use on multiple computers—even while traveling. It’s also completely free.

Update: SuperGenPass has been updated to version 1.3, which incorporates a few minor interface tweaks. Please view the changelog for more information. Previous versions of SuperGenPass are available in the archive.

Use the form below to make your SuperGenPass bookmarklet. If you have never used SuperGenPass before, please visit the “How it works” page before proceeding. This is a JavaScript form; it will not transmit any information.

Build your SuperGenPass bookmarklet (version 1.3)

1. Browser compatibility

 My browser handles long bookmarks (Firefox)
 My browser cannot handle long bookmarks (Internet Explorer)

2. Choose your level of security

 Enter your master password each time you use SuperGenPass
 Enter your master password each time, but use a hash to verify it
 Hardcode your master password into SuperGenPass (use with extreme caution!)

3. Default password length (characters)

Your bookmarklet will appear here.

Notes

Browser compatibility

Some browsers—most notably, Internet Explorer and some versions of Safari and Opera—place a limit on the length of bookmarks and favorites. Since the code necessary to run SuperGenPass exceeds this length, versions for those browsers download this JavaScript file at runtime. Only generic JavaScript code is downloaded, and no information is ever transmitted to this or any other Web site.

If you are unsure whether your Web browser supports long bookmarks, try the Firefox version. If SuperGenPass fails to load, then use the Internet Explorer version.

Internet Explorer may also prompt you with a security message when you add SuperGenPass to your favorites. This is typical of all bookmarklets and can safely be ignored.

Choose your level of security

The first option (enter your master password each time) is the safest. Entering your master password each time is the only way to take full advantage of the security that SuperGenPass offers. When using SuperGenPass on a public or untrusted computer, this is the only option you should consider.

The second option (enter your master password each time, but use a hash to verify it) is also very safe, but it stores a hash of your master password (calculated multiple times) in the bookmarklet. This, in effect, prevents you from mistyping your master password, which is an especially valuable safety mechanism when you are creating a new Web site account. While the hash cannot be used to reverse-engineer your master password, it could be used to mount a dictionary or brute-force attack. Given access to your bookmarklet and enough time, your master password could be compromised. For maximum security, this option should only be employed on trusted computers.
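The verify-by-hash option and its offline-guessing exposure, as an added JavaScript example that is not SuperGenPass's own code. SHA-256, the round count, the function names and the sample passwords are assumptions made for illustration.

```javascript
// Added illustration; NOT SuperGenPass's real algorithm. SHA-256 and the round
// count are assumptions standing in for "a hash calculated multiple times".
const { createHash } = require('crypto');

const ROUNDS = 1000; // assumed iteration count

// Hash the password repeatedly; only the final digest is kept in the bookmarklet.
function makeVerifier(masterPassword, rounds = ROUNDS) {
  let digest = Buffer.from(masterPassword, 'utf8');
  for (let i = 0; i < rounds; i++) {
    digest = createHash('sha256').update(digest).digest();
  }
  return digest.toString('hex');
}

// What the bookmarklet does on each use: reject a mistyped master password.
function checkMasterPassword(typed, storedVerifier, rounds = ROUNDS) {
  return makeVerifier(typed, rounds) === storedVerifier;
}

// What the stored verifier also permits for anyone holding the bookmarklet:
// candidates can be tested offline, with no rate limit or lockout.
function auditAgainstWordlist(storedVerifier, candidates, rounds = ROUNDS) {
  let hashesComputed = 0;
  for (const candidate of candidates) {
    hashesComputed += rounds;
    if (checkMasterPassword(candidate, storedVerifier, rounds)) {
      return { found: candidate, hashesComputed };
    }
  }
  return { found: null, hashesComputed };
}

// Constructed sample data.
const WORDLIST = ['123456', 'letmein', 'sunshine', 'qwerty'];
const weak = makeVerifier('sunshine');
const strong = makeVerifier('glacier-Tandem-91-ochre-violin');

function demo() {
  return {
    typoRejected: !checkMasterPassword('sunshien', weak),
    correctAccepted: checkMasterPassword('sunshine', weak),
    weakResult: auditAgainstWordlist(weak, WORDLIST),
    strongResult: auditAgainstWordlist(strong, WORDLIST),
  };
}
console.log(demo());
```

Repeating the hash multiplies the work per guess but does not protect a master password that appears in a wordlist; only a long, unpredictable master password keeps the stored hash from being useful.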

The third option (hardcode your master password into SuperGenPass) is the least secure, and should never be considered safe in any way. This option is provided only for the convenience of the many users that have requested it, but let me be clear: I cannot recommend this option under any circumstances. While elementary steps are taken to mask your master password, it is more or less stored directly in the bookmarklet. This means that: (1) it is stored on your computer’s hard drive, where it is vulnerable to spyware and other exploits; (2) anyone with physical or remote access to your computer can easily generate passwords without knowing your master password; and (3) anyone with physical or remote access to your computer can, with limited effort, extract your master password for later use. Again, I cannot recommend this option, as it effectively negates all of the security advantages that SuperGenPass provides.