OnePass is a bookmarklet to create passwords easily and securely. With the aid of it, a user can log on different websites with different passwords, while keeping only one master password in mind.
DECLARATION: OnePass is heavily inspired by 1pass4all. Even this README.
The best part is that one compromised password will hardly impact other ones.
Please refer to the this article for more details.
In 1pass4all, the encryption code is not considerate enough.
- It uses sha-256/sha-224 for hashing.
- The BaseX encoding algorithms except base64 drop their outputs to fit with their given charset, which are commented as lossy in 1pass4all/hasher.js.
- And its iteration logic in 1pass4all/passCreator.js is not well designed, which is widespread criticized by the community in other context.
- Also, the bookmarklet also includes some unnecessary interaction logic and a big TLD_LIST, which makes it size too big(~50kb).
- It provides auto-login functionality.
Instead,
-
OnePass uses a universal algorithm BaseN which is created by @KvanTTT in BaseNcoding to perform hash result encoding with arbitrary charset.
-
It uses a simple MVO pattern to implement the interaction logic.
-
It uses HTML5 forms feature to simplify the validation logic.
-
It uses bootstrap4 for better look of the installation page.
-
It does not provide auto-login functionality.
-
bookmarklet size is about 18.5kb
-
Approach 1:
simply check out the installation page
-
Approach 2:
-
make sure you install node.js and npm/yarn.
-
install dependencies via npm or yarn.
-
After
gulp/npm run build, open the install.html under/distdirectory, then follow the instructions there.
-
One click on the OnePass bookmarklet will prompt out a panel to for generating the password. You should enter the master password and click on the generate button. Then select(auto-selected) and copy the generated password to the form field you need to filled in.
If the user would like the username to be taken into account, he can enter the username.
More generally, the password syntax is(bracketed terms are optional):
[user ]master_password[ pass_len][ @domain][ *hash_iteration][ +salt]
where master_password's length is at least 6,
generated password's length pass_len is less than 100,
hash_iteration indicates the hash iteration times(0-9999),
salt is a cryptographic salt.
NOTE:
- User name and domain are all case-insensitive.
- The domain of the site may be imperfectly extracted(for some cross domain website).
-
website complains that the generated password has illegal characters
Some websites disallow special characters in password. If that is the case, you may try another charset and mark it down somewhere else to check when someday you forget the chosen charset.
-
website complains that the generated password is too long
Currently you may manually truncate the result password.
-
find a better way the handle bitwise operation on large integer, to remove the BigInteger library and then reduce the code size.
-
figure out a better way to handle incompatible charset for some website.
This software has been tested(but not fully) in latest browsers including Firefox, Chrome, IE, Safari and Opera, and you're welcome to report any bug or suggestion to here.
Copyright 2017 e-cloud
Released under the MIT License.