
Ron Valstar
front-end developer

Strong password generator bookmarklet generator

A bookmarklet that creates strong passwords that can safely be used from any browser on any system without accessing the internet. The bookmarklet is generated with presets and seeds making it unique for every user.

Recently a site I once made got hacked. The cause was a vulnerability in an older WordPress install. It took me a while to fix but fortunately no serious damage was done. I reinstalled from backup and added a good security plugin and that was that.

Even though the hack didn’t happen through insecure passwords it did get me thinking about password strength. The passwords I normally use are unique for every site following a specific formula combining the name of the site with some strings, numbers, and other characters. This is probably way more secure than what most people use but when I ran them through a password tester they didn’t rank real high. Maybe time to revise the formula?

So what is a good password? A Google search on the topic returns tips from Microsoft at #1, a bit further down is the Wikipedia page about password strength. So a good password

The problem is that these days people tend to have numerous accounts and when you do all of the above you’ll end up having to remember these: RDjh\iKy&mk, pmTh4{S0o8i, cOeLR!1q&to. Excellent passwords but I can only remember two or three of these before my head starts spinning.
One solution is using a password manager. These are applications that have browser extensions and mobile apps and store all your passwords in the cloud. But most of these are subscription based.
What you could also do is only make your password very long. For instance a password like ‘myGmailPasswordIsEasyToRememberButVeryLong’ is quite secure (supposedly). But try having to enter that on a mobile device and missing a character. Then there are plenty of sites that have a maximum character count for passwords.

A strong password is quite hard to remember but we could generate it using easy-to-remember input values.
Generating the password locally would be safer than a secure cloud connection but it would have to work on most common machines and devices.

So I created a password bookmarklet generator (or rather: a password generator bookmarklet generator). A unique bookmarklet is generated by setting a random seed and password length (and preset input fields).
You can restrict characters: all quotation characters are turned off by default.

The bookmarklet itself is two input fields that are used to generate a password.
You can choose to use the extended character set but a lot of services seem to have trouble with that.
Gmail allows it, for instance, but not when you try to import another POP3.

So is this safe? It should be (I use it myself). The bookmarklet is generated locally and stored locally. Somebody would only be able to reproduce your passwords if they know your random seed, password length and what you enter into the two input fields. Which is probably harder than a brute force attack on a 12 char strong password.
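To make the reproducibility argument concrete, here is an added example (not the bookmarklet's own code, whose algorithm this post does not show) that derives a password from a seed, a length and two input values. It assumes Node.js and PBKDF2-HMAC-SHA256 as the derivation function; the names `derivePassword`, `site` and `secret` are hypothetical, and the sample inputs are constructed.

```javascript
// Added example: deterministic password derivation (Node.js standard library only).
const { pbkdf2Sync } = require('node:crypto');

// Printable ASCII 0x21-0x7E minus quotation characters, mirroring the
// "quotation characters are turned off by default" setting described above.
const QUOTES = new Set(['"', "'", '`']);
const CHARSET = Array.from({ length: 94 }, (_, i) => String.fromCharCode(0x21 + i))
  .filter((c) => !QUOTES.has(c));

// Hypothetical parameters: `seed` is the per-user random seed baked into the
// bookmarklet; `site` and `secret` stand in for the two input fields.
function derivePassword({ seed, length, site, secret, iterations = 200000 }) {
  if (!seed || !site || !secret) throw new Error('seed, site and secret are required');
  if (!Number.isInteger(length) || length < 1) throw new Error('length must be a positive integer');

  // Length-prefix the first field so ("ab", "c") and ("a", "bc") cannot collide.
  const material = `${site.length}:${site}${secret}`;
  // Largest multiple of the charset size that fits in a byte. Bytes at or above
  // it are discarded so every character is equally likely (no modulo bias).
  const limit = 256 - (256 % CHARSET.length);

  let out = '';
  for (let block = 0; out.length < length; block++) {
    // The slow KDF makes guessing the inputs expensive; the seed acts as the salt
    // and the block counter yields fresh bytes if one block is not enough.
    const bytes = pbkdf2Sync(material, `${seed}:${block}`, iterations, 32, 'sha256');
    for (const b of bytes) {
      if (b < limit && out.length < length) out += CHARSET[b % CHARSET.length];
    }
  }
  return out;
}

// Constructed sample inputs: the same four values always give the same password.
console.log(derivePassword({
  seed: 'constructed-seed-4f9a', length: 12, site: 'example.com', secret: 'constructed secret',
}));
```

Nothing is stored: whoever holds the seed, the length and both inputs can regenerate every password, so the seed inside a synced bookmark is only as private as the sync channel.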

You’re free to use this script (or alter it). But remember, it’s your own responsibility.
Specific browsers have the ability to sync bookmarks across machines/devices but you might want to check if the sync is encrypted. Firefox uses encryption by default. Chrome does encrypt passwords but you must adjust your settings to encrypt bookmarks.

Here’s the link once more: strong password generator bookmarklet generator