Universal password tool gets update in SuperGenPass

Back in March 2006 I wrote about what I thought was a near-perfect solution to the problem of tracking passwords for any number of Web sites, internal or external— a bookmarklet-generating application from labs.zarate.org called GenPass.

I loved it, and still do, because the idea was so elegant: You added a "bookmarklet" (a piece of JavaScript code embedded in a bookmark) to your Web browser (Internet Explorer or Mozilla). Whenever you came to a Web site that needed a password, you clicked on the bookmarklet and typed a universal password.

That password would be hashed against the domain name using the MD5 one-way encryption algorithm, then used as the password for any logins at that domain. This way, you never needed to memorize more than one password, but the resulting password would be unique and secure for every domain you visited.

The best part was that all the calculations to create the new password were performed

As great as GenPass was, it was limited. So author Chris Zarate decided to stop working on the original GenPass, and has since released a new version called SuperGenPass which improves on the original in several ways.

Zarate has reworked how SuperGenPass identifies second-tier top-level domains. For instance, amazon.co.uk generates a different password than yahoo.co.uk.

Also, the way SuperGenPass handles the actual filling-in of password fields has also been changed. When you create the bookmarklet, you can elect to have the master password embedded in the bookmarklet itself or supply the master password every time you n

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows desktop security tips Managing multiple passwords in Windows Using System Center Essentials as a patch management tool How Windows 7 stands up to security tests Securing sensitive data on Windows-based laptops Gathering and documenting your Windows desktop security policies Windows desktop security standards documentation best practices Desktop security preparation for a new wave of Windows apps Four Internet Explorer 8 group policy security settings The state of enterprise security and emerging threats in 2009 Why should Windows shops use Microsoft Baseline Security Analyzer? Windows XP management New Enterprise Desktop e-zine Reduce unapproved device driver installs via Group Policy in XP, Vista Windows operating system management for the IT pro Managing single sign-on security burdens in Windows Why Windows Vista is superior to XP Creating the Secure Managed Desktop Managing Windows folders with Redirected Folders Managing folders inside the Windows documents folder Identity and Access Management Security School Regaining lost functionality in the Windows XP Recovery Console Windows passwords and permissions management Managing multiple passwords in Windows Windows desktop endpoint security challenges podcast series How to strike a balance between Windows security and business needs Build secure computer password policies Remote user security checklist Reduce resistance to creating strong computer passwords Unauthenticated vs. authenticated security testing Step 1: Know your hardware Step 2: Configure the drives Step 4: Start the BitLocker encryption process

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary XP key changer  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

eed to fill in a password field. If you choose the latter, you type the master password in a site's login page as you would normally—then invoke SuperGenPass, which generates the proper password and inserts it automatically into the proper field on the page. When this happens, the password field changes color (to bright green) as a visual cue. This way, you can distinguish SuperGenPass's behavior from, say, the auto-form-fill behavior in Internet Explorer or Firefox.

SuperGenPass bookmarklets can run in interactive mode. (I created one bookmarklet that runs automatically, and another that runs interactively and requires user input.) When you do this, SuperGenPass pops up a window onscreen that offers expanded options: You can show the password for the current domain, supply a new master password and regenerate the domain password, change the password length, and so on.

Some of the same limitations apply to SuperGenPass as before. It is not compatible with earlier versions of GenPass; any passwords generated with earlier versions of GenPass will not come out the same in SuperGenPass when you use the same master password. Finally, for the sake of security, it's probably best not to hard-encode the master password in the bookmarklet; if someone gets their hands on the bookmark, it's trivially easy from there to figure out how to use it.

About the author:
Serdar Yegulalp is editor of the Windows Insight, (formerly the Windows Power Users Newsletter), a blog site devoted to hints, tips, tricks and news for users and administrators of Windows NT, Windows 2000, Windows XP, Windows Server 2003 and Vista. He has more than 12 years of Windows experience under his belt, and contributes regularly to SearchWinComputing.com and SearchSQLServer.com.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.