Month: April 2007

Posted on

SuperGenPass: Keyboard Shortcut

Earlier today, I wrote about the fantastic bookmarklet, SuperGenPass; a great tool for generating secure, random and site-specific passwords with an additional two-clicks added to your login process. However, as noted in my previous post, two more clicks is not the ideal solution, at least not for me. I have detailed below the steps to implement a keyboard shortcut for SuperGenPass to reduce the effort down from two clicks to zero.

What you need (requirements)

  1. Using the handy bookmarklet builder at the SGP homepage, generate a bookmarklet for Firefox with the option to “Enter your master password each time, but use a hash to verify it” and your preferred number of characters.
  2. Add the generated bookmarklet to your bookmark toolbar.
  3. Right click on SGP and click properties, copy the SGP code (starting with ‘javascript:’) into your favorite text editor.
  4. Do a Find & Replace All.
    Find: .blur Replace: .focus This will ensure that no added clicks will have to be added into your login procedure (i.e., you will press your keyboard shortcut and then ‘Enter’ to login, rather than having to click the ‘Login’ button)
  5. Copy your modified code back into the ‘Location’ field of the bookmark properties
  6. Assign a ‘Keyword’ to the bookmarklet (e.g., sgp) and remember this keyword
  7. Install the Keyconfig extension
  8. Type about:config into your address bar and hit ‘Enter’
  9. Right click on the config screen and create a New >> String
  10. For the preference name enter: keyconfig.main.xxx_key__SGP BOOKMARK KEYWORD
  11. For the string value enter: meta][][][if(window.loadURI) loadURI(getShortcutOrURI('SGP BOOKMARK KEYWORD',{}));
  12. In the Firefox menu Tools >> Keyconfig find the name of the bookmark keyword you just added.
  13. Assign a keyboard shortcut.
  14. Restart Firefox.
  15. Choose a site that you wish to test your new bookmarklet (e.g., yahoo.com).
  16. Open your account preferences and select the ‘Change Password’ function.
  17. Type in your master password (as set on the bookmarklet generator page) into the ‘Current Password’ text box and execute your keyboard shortcut. The text boxes (Current, New, Confirm) will turn green, indicating that they have been populated with the password as generated by SGP.
  18. In the ‘Current Password’ box, type in your current password (leaving the ‘New’ and ‘Confirm’ boxes alone and submit the changes.

Next time you go to the site to login, type in your master password, execute your keyboard shortcut, and press enter. Voila!

Posted on

Secure, Random Passwords with SuperGenPass

In my never ending quest to secure my identity on the Internet, I came across an interesting bookmarklet by the name of SuperGenPass (SGP). Created by Chris Zarate, this snippet (alright, it’s a bit larger than a ‘snippet’) of JavaScript allows you to generate secure, domain-specific, “random” passwords on the fly with only a few clicks.

Using your master password, this bookmarklet uses a one-way MD5 hash in order to generate a secure alpha-numeric password that will give your typical dictionary and brute-force password crackers a mighty big headache. Due to the nature of the hashing, your master password cannot be discovered by reverse engineering your generated, domain-specific password. Perhaps best of all, consistently using this ‘tool’ drastically reduces the need to remember a bevy of passwords used to access the four corners of the Internet. With additional perks such as phishing protection and over 1,000 top-level domains supported, SGP sure seems to have promise.

All of this seems fantastic, but I must admit that I am adverse to adding additional clicks to my browsing experience. Though SGP touts only two additional clicks (one for password generation and one for population), that is two clicks too many for me.

This set of instructions will demonstrate how to implement the fantastic features of SGP with the ease of a keyboard shortcut.