SuperGenPass – The Only Safe Password Manager

I have a confession to make: I absolutely hate password managers.  In fact, I despise password managers.  Typical password managers, that is.  For example, 1Password is a favorite among Mac users.  Personally, I would never use it.  1Password offers many features, such as filling in web forms and generating strong and unique passwords; it’s pretty versatile, there’s an app for the iPhone/iPod Touch, etc.  Granted, 1Password is a beautiful password manager, but again, at heart, it’s just a typical password manager that is entirely proprietary.  If your 1Password database or Mac OS X Keychain ever became corrupted, you’d basically be up shit creek without a paddle.  You’d know none of your passwords, you’d probably have forgotten which username/e-mail you used for any given site, and did I mention you’d be up shit creek…?  That’s why I use SuperGenPass.

SuperGenPass is really nothing more than a very complex piece of JavaScript that disguises itself as a bookmark that one can easily add to a bookmarks menu or bookmarks toolbar.  What advantages does SuperGenPass have over other password managers such as 1Password?  The biggest advantage, and the main reason I use it, is the fact that one’s passwords are generated on the spot, and nothing is ever stored or recorded.  That provides an amazing level of security.  Also, there is never any need to worry about the program crashing, the database becoming corrupt, etc., because again, SuperGenPass is just a bookmark, and one’s passwords are generated on the spot.  If one happens to delete the bookmark, one can just re-add it and be set to go.  Imagine if one lost one’s 1Password database and had to reinstall the program.  That would be more than painful.

Similar to 1Password, SuperGenPass uses a master password.  It uses it in a slightly different manner, however.  Rather than using it to grant one access to a list of one’s passwords, SuperGenPass uses one’s master password and the domain name of the Web site one is visiting to generate a password based on a one-way hash algorithm.  It works like this:
- Visit the site
- Type the master password
- Click the SuperGenPass Bookmark
- The master password is automatically replaced with the password SuperGenPass generated

It’s really that simple, and it works like a charm.
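The derivation described above, sketched as an added example (not code from this post or from SuperGenPass): the site password is recomputed from the master password and the page's domain through a one-way hash, so nothing is stored. SHA-256, the `master:domain` input format, the round count, the output length and all function names are assumptions made for this sketch.

```javascript
// Added illustration of deterministic per-site password derivation.
// NOT SuperGenPass's actual algorithm: the hash, input format, round count
// and output length below are assumptions chosen for the example.
const { createHash } = require('crypto');

const ROUNDS = 10;  // assumed minimum number of hash rounds
const LENGTH = 12;  // assumed length of the generated password

// Reduce a URL to the host name used as the per-site input.
// Simplification: only a leading "www." is stripped (no public-suffix logic).
function siteKey(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.replace(/^www\./, '');
}

// Accept a candidate only if it mixes lowercase, uppercase and digits,
// so it passes common site password rules.
function acceptable(pw) {
  return /[a-z]/.test(pw) && /[A-Z]/.test(pw) && /[0-9]/.test(pw);
}

// Hash "master:domain" repeatedly; stop after at least ROUNDS rounds, once
// the truncated result is acceptable. Same inputs always give same output.
function derivePassword(master, url) {
  let digest = `${master}:${siteKey(url)}`;
  let rounds = 0;
  let candidate = '';
  do {
    digest = createHash('sha256').update(digest).digest('base64');
    candidate = digest.replace(/[^A-Za-z0-9]/g, '').slice(0, LENGTH);
    rounds += 1;
  } while (rounds < ROUNDS || !acceptable(candidate));
  return candidate;
}

// Constructed sample inputs: one master password, three URLs.
const master = 'constructed-master-password';
const samples = [
  'https://www.example.com/login',
  'https://example.com/account',
  'https://example.org/',
];
for (const url of samples) {
  console.log(siteKey(url), '->', derivePassword(master, url));
}
```

Because the output depends only on the two inputs, anyone who learns the master password can recompute the password for every site.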

SuperGenPass still places some responsibility on its users to remember the e-mail/username for any given site.  I think that is important.  Becoming too dependent on any one technology can be disastrous.  [See my cloud computing article for examples.]  SuperGenPass is also more portable.  To use 1Password on an iPod or iPod touch, one has to download 1Password’s proprietary app/browser.  Go figure!  With SuperGenPass, one just needs to add the bookmark in mobile Safari and that’s it.  SuperGenPass also allows one to host a copy of its site on one’s own server, so if one ever needs to re-add the bookmark and SuperGenPass’ site is down, it’s entirely possible to do so.  SuperGenPass works with any modern web browser, and unlike 1Password, it’s completely free, so why not use it?

[SuperGenPass]

  • http://Vidoop.com Kevin Fox

    Nice article, I work for Vidoop so I am biased but I really like the password management solution we have at http://myVidoop.com

    It is a free browser plugin ( http://twurl.cc/2rj ) and it will store all your online passwords. You can store your passwords locally or online with myVidoop. If you store your passwords on myVidoop then they are accessible from anywhere and you don’t have to worry about maintaining a local database/file.

    I keep a copy of Firefox portable on a thumb drive, along with the plugin installed and have a completely portable solution that I can plug in anywhere. Once I am done I just unplug the drive and move on.

    If anyone found the drive they would still need to authenticate with the ImageShield on http://myVidoop.com and I could easily deactivate the portable browser…

    I would be interested to hear how you think myVidoop compares to SuperGenPass?

    Thanks,
    Kevin

  • http://darrinholst.com Darrin Holst

    First, I use and love both SuperGenPass and 1Password. I however would not use one or the other exclusively. SuperGenPass is great for those sites that won’t ruin your life if your password is compromised. Since (I imagine) the majority of people use SuperGenPass with 1 master password then your layer of defense is greatly diminished. In other words, someone just has to find out your master password and, as you put it, you’d be up shit creek.

    So all my “important” sites, i.e. credit cards, banks, etc., are protected with super nasty, super long passwords generated and stored with 1Password where I don’t really care if I can’t get to them from everywhere. Then all the “non-important sites”, i.e. Twitter, Facebook, etc., are protected with SuperGenPass passwords where I do want to get to them wherever I’m connected to the cloud.

    The issue with data corruption is basically FUD. You should be regularly backing up and archiving important “stuff”, which includes Keychains and actually 1Password does this for you. So *if* someday I wake up and my data is corrupted I just roll back to the day before. Also, what’s the worst thing that will happen? You’ll be forced to go reset and change your password at every site you frequent which, granted, is a hassle, but not a bad thing to do once in a while.

    Darrin

  • Ximo

    SuperGenPass has a serious security flaw when used as a bookmarklet.
    http://akibjorklund.com/files/2009/10/supergenpass-vulnerability-demo.html
