We’ve discussed password storage/generation solutions quite often, especially in the news stories about hacks and plain text password leaks, here’s a tool for the more paranoid who don’t want to store their passwords locally or in the cloud.
Passera is a simple tool written in Go that allows users to generate a unique strong password for each website, without the need to store them either locally or with an online service.
Passera turns any entered text into a strong password up to 64 characters long and copies it to clipboard. Figure out a decent system for yourself that will allow unique passphases for every website, such as combining website name/url with a phrase that you would not forget. To login, fire up Passera and enter the password you chose and your real password will be copied to the clipboard.
This software is for privacy-aware people that understand the need to have strong unique passwords for each website, yet don’t want to use any password managing software or services. Relying on password managing software means trusting your passwords to be kept safe by a third-party company, or trusting them to a single file on your disk.
Passwords created with Passera are extremely difficult to bruteforce and impossible to revert back to the original regardless of attacker’s knowledge of the source code. If one of your passwords is compromised after an attack on you or a web service, all your other passwords are safe with you.
To make it somewhat more conspicuous, when you start Passera it copies a random password to clipboard. The real password is then only stored in clipboard for 10 seconds, before being overwritten by another random string.
You can download Passera here:
Or read more here.
- Tiger – Unix Security Audit & Intrusion Detection Tool
- Egress-Assess – Test Network Egress Data Detection
- Just-Metadata – Gathers & Analyse IP Address Metadata
- CeWL – Custom Word List Generator Tool for Password Cracking
- Hacker Posts List of Compromised User Accounts Online
- PwdHash from Stanford – Generate Passwords by Hashing the URL
Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,684 views
- Password Hasher Firefox Extension - 117,431 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,630 views