Safer Password For Web, Email And Desktop/Mobile Apps

The SaferPassword utility is for any person who needs to keep his/her passwords secure, easy to remember and hard to break. Read about the advantages below.

Use versions:

Vers.1.1

Master Password:

Open Password:

Working Password:

Check to add non-alphabet symbols:

Set password length:

⇐

⇒

With this utility, your safe password manager can look like this:

Advantages:

it is 100% free-of-charge;
it is based on open source verified cryptographic systems such as SHA1 and standard conversions like BASE64 and HEX to ASCII;
it does NOT send ANY data or passwords to our server;
it can be used in the off-line mode;
it does NOT save ANY data into your computer files, including cookies etc.;
it is fully open-source and based on Javascript: anybody can check the code;
the password can be RECREATED at any time using third party services using the protocols below.

Safer Password - full explanation

We at Bizpages designed a system that is simple, safe and combines the advantages of all other solutions. You can write your weak passwords on paper and still be protected from prying eyes and attacks. Also, you can use the convenience and mighty cryptographic protection of online password managers to store your passwords. This utility just adds another layer of security and convenience.

STEP 1. Create a Master Password
Your master password is a word or phrase that should be long enough (min. 6 characters) and that you will NEVER forget. For better strength, it can be case-alternate or contain numbers or punctuation marks. An example: WhiteFish12.

This password is TOP SECRET, it should not be kept on paper or in a computer/phone. Only in your memory!

STEP 2. Create and write down/save an Open Password
It should be easy to remember and write, minimum 4 characters, and does not have to be complicated at all. It can be "password", "123456" etc. Its complexity is not so important, but it must be convenient to write and type. It can be made public or seen by anybody as your open password.

STEP 3. Generate your Working Password
This is the password that you will actually enter into the login form of your online service, email account, etc. You don't need to write it down or try to memorize. Nobody really needs to see it, in fact, even you don't need to see it yourself! Just paste (Ctrl+V on Windows or Command-V on Apple) it into the password field of your login form.

The whole point is that the Working Password can be recreated at any time by using your Master Password and Open Password on this page or any other online service where SHA1 Hash, HEX to ASCII conversion and Base64 encoding transformations can be implemented.

STEP 4. Next time when you need the password...
Just come back to this webpage and enter two passwords: Master Password from your memory and Open Password from your yellow sticker or Excel file where you keep passwords. Then press GENERATE SAFER PASSWORD. The Working Password will be then automatically recreated and copied into the Clipboard.

STEP 5. What if this webpage is not working?
Below you can find two Protocols TO RESTORE your Working Password even without using this webpage.

Manual Password Restoration Protocol 1. Alphabet symbols and Numbers in the password

Manual Password Restoration Protocol 2. Alphabet, numbers AND non-alphabet symbols in the password

Print out the protocols

More thoughts on secure password creation, storage and restoration

Keeping a password safe, confidential and restorable is a tremendous challenge. A great number of Internet services, email accounts, social media profiles, online banks, mobile applications etc. all require that the owner should store a safe password and enter it upon request. Losing or compromising a password in front of an attacker can be catastrophic to a person, business or even government.

According to LastPass, a global leader in online password storage, their average user keeps around 200 login-password pairs in the protected database.

Safe/strong or unsafe/weak passwords

A password is usually considered as unsafe or weak when:

it is short, e.g. "passw"
it contains only upper case or lower case letters, like "PASSWORD" or "password", only numbers "12345678" or only punctuation symbols like "!?.:-", etc.
it is made from a dictionary word, even if long enough, for example, "password"

Some of such passwords would be perfect to remember, yet they provide too low security and are easy to break by an attacker.

A safe or strong password is usually long, at least 8 symbols, not a dictionary word, has alternate capitalization like "PasSwOrd", and contains numbers and punctuation/non-alphabet symbols like "Pas_sW0Rd".

It is obvious, that a stronger password is harder to remember. The problem is, therefore, more SECURITY means less CONVENIENCE and vice versa.

How to keep your password lists: working methods

There are several methods how to deal with the password problem.

Method 1. Writing passwords by hand on a piece of paper

Advantages:
It is an old-school technique. Such a password is hard to be stolen via an online attack, unless there is a key-logging software running on your computer and stealing info as you are typing.

Disadvantages:

your piece of paper can be accidentally thrown away, lost or destroyed;
it can be viewed and compromised in front of your wife, kids, baby-sitter, visiting friends etc.;
viewed and/or stolen by intruders who may break in your home or when your belongings are lost, e.g. in a taxi, airport, etc.
with safe passwords containing upper case + lower case + numbers + special characters it is very likely that you make a mistyping error while writing them down. With one wrong letter, no further use of such password is possible and it can give you hard time when you try to enter it.

Method 2. Keeping list of passwords in your computer or phone

This option includes keeping the passwords list in a protected/encrypted storage locally on your computer, or a password-protected file.

Advantages:

easy to use, allows copy-paste directly into the password field
safer in terms of mistyping error

Disadvantages:

the password list can be lost due to a computer failure, deleted files, fatal system error, etc.
can be compromised by other users on the same computer
can be physically lost when the computer/phone is stolen or lost
the user still needs to remember the Master Password to access the encrypted list and the Master Password needs to be strong and kept in a safe place, that is, we are trapped in a vicious circle here.

Below are some reliable local storage providers that we recommend:

	1Password
	KeePass
	Roboform

Method 3. Using online password services

This is a modern and very popular solution where all your passwords are kept on a secure server and login credentials are automatically entered into the login form of the online service or website you are visiting. Such a password storage would usually be provided by a world-known service, for example, 1Password, LastPass, etc.

The cloud password services ensure the highest level of security as they are using state-of-the-art algorithms to create and store hashes and keys to protect the user's password and other important data.

In terms of cryptographic security, the cloud services are extremely safe. But they have a number of features that can be problematic for a user.

Issue No.1 what happens if the master password to the cloud password service is lost? The restoration procedure is quite complicated and it is not 100% guaranteed. In case the master password is lost and cannot be restored, the user is going to lose the whole list of logins/passwords forever!

Issue No.2: The Master Password to access the online service still needs to be strong and kept in a secure location beyond the online password manager itself. It can be written on paper or in an password-protected file. Both options lead to issues described above in Methods 1 and 2.

Issue No.3: the convenience of such services has a downside: very often they automatically suggest that you update login info for an existing website even if you need no new password. This may cause accidental deletion of your password even without your knowledge, so that next time you will fail to login without a way to restore your password.

Issue No.4: once you are logged in the system, anyone can use your computer to see your login/password, modify or even delete them. You either need to log out every time, or protect your computer/phone from unauthorized access through additional measures.

This problem can be dealt with by setting a paranoid auto-logoff after a certain period of activity. Here, however, the user again faces the problem of CONVENIENCE AGAINST SECURITY. With a strong password to access your online password manager, it needs to be typed in every time the user re-logins after an auto-logoff.

Issue No.5: Your sensitive data are kept on a remote server that you cannot control. You have to trust the password storage company saying that they comply with the Zero Knowledge policy, that is, that your data is encrypted and nobody at the company would have access to it. You never see these people in person, you don't know them and you have to take for granted that they are reliable.