kr-u2f | PassGen
---|---
1 | 2
126 | 4
- | -
0.0 | 0.0
6 months ago | over 1 year ago
TypeScript | C
- | BSD 2-clause "Simplified" License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kr-u2f
-
Password Managers
I was curious about that, so I looked into it; KeePassXC is having some mixed messages about it:
https://github.com/keepassxreboot/keepassxc/issues/1870 says "awesome!"
https://github.com/keepassxreboot/keepassxc/issues/1996 says "go away"
and I can't figure out what is going on with https://github.com/keepassxreboot/keepassxc/issues/3560
They reference https://github.com/kryptco/kr-u2f in one of the issues, but it was bought by Akamai and the code was never under an open source license to begin with :-(
PassGen
-
[OC] I updated our famous password table for 2022
Don’t use the same password on multiple sites. I have my own password generating shell script which uses strong cryptography which takes a secret and a site name, and generates a strong password (secret is protected with key stretching). Other similar solutions exist (LastPass, etc.)
-
Password Managers
I do not use a browser-based password generator, because of the Javascript insecurity issues. I use a shell script, with a small C program to handle the core cryptography, to generate secure passwords.
I run the password generator in a terminal window, then copy and paste the password in to the site I am trying to log in to.
It’s a fairly complicated shell script, since it also has to deal with nonsense like stupid arbitrary password rules (e.g. Southwest considers an underscore to be a letter, and insists at least one non-letter non-number punctuation is in a password; some places require a password to be 8 characters or shorter; etc.) and also provides login information so I can also remember my username.
As recently as 5 or 6 years ago, there were issues with websites which wouldn’t let you copy and paste a password in to their password field; Firefox has always had an “ignore any Javascript which stops pasting” special rule in about:config I had to use. I haven’t seen one of those in a while; developers finally got a clue and realized that password managers exist.
One weakness this setup has is that anyone with the “master key” can get all of the passwords generated by the password generator. My workaround is to use a separate master key in a virtual machine for critical passwords, such as online banking ones.
Shameless plug time:
https://github.com/samboy/PassGen/
What are some alternatives?
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
add-url-to-window-title - A Firefox addon which will put the web page address (URL) into the window's title. Useful for customizing KeePass's auto-type
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
tamperchrome - Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).
pass-import - A pass extension for importing data from most existing password managers