Stronger passwords with GreaseMonkey

Using the same password on every website is dangerous. We all know it. But we can’t afford to think up a different one every time: it would be impossible to remember them all. The solution I present here is a good way to reuse your “main password” (we all have one :-)) with a better security level. I also propose a GreaseMonkey JavaScript script that automates the process.


I read a very interesting post about it some months ago, but sadly I couldn’t find it again. However, the idea in the article is the following: keep your main password on every site, but add “salt” based on the domain name.

Let me show you an example: let’s say that your password is ‘ilovecats’, and you want to register at www.youtube.com.

  1. Take the first five letters of the website: “youtu”,
  2. make some permutations on them – for example, make them uppercase: ‘YOUTU’,
  3. prefix it to your main password.
    The password for youtube.com becomes: ‘YOUTUilovecats’.

This idea is great! With training, you won’t have to bother about remembering many different passwords. Also, you get a stronger password, since it is longer than your main password. The only thing you have to be sure of is not to forget what permutations you did. Write it down somewhere maybe (this is anyway safer than writing all your passwords somewhere. If someone reads your permutation method, you don’t care: he still doesn’t know your main password ;-)).

Going more geeky

I have been using this method since the day I learned it. But as my friends know, I’m a bit lazy: I don’t want to write my permutation every time I have to log in (besides, my permutation is quite complex to process mentally). So, I wrote a small piece of JavaScript to use with GreaseMonkey. This script searches for every password field on a page, and adds the first five letters of its URL, with a permutation. You can change it yourself if you want.

The permutation used in the file is the following:

  1. Take the first five letters of the URL (after the ‘www.’),
  2. add one to each letter, so that a becomes b, b becomes c, …, z becomes a,
  3. make the result uppercase,
  4. prefix it to your main password.
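
The four steps above as pure functions, so the prefix can be checked for any hostname without a browser. This is an added example, not the author's script: the function names and the sample hostnames are constructed here, and the label choice (first label of a two-part name, otherwise the second) mirrors the script's own extraction code.

```javascript
// Added example: the script's prefix derivation as pure functions (no DOM),
// so the result can be checked for any hostname. All names are hypothetical.

// Same label choice as the script: first label of "a.b", otherwise the second.
function pickLabel(hostname) {
  var labels = hostname.toLowerCase().split('.');
  return (labels.length <= 2 ? labels[0] : labels[1]).substring(0, 5);
}

// Shift a-z by one (z wraps to a), keep other characters, then uppercase.
function permute(label) {
  var a = 'a'.charCodeAt(0), out = '';
  for (var i = 0; i < label.length; ++i) { // stops early on short labels
    var c = label.charCodeAt(i);
    if (c >= a && c < a + 26) c = (c - a + 1) % 26 + a;
    out += String.fromCharCode(c);
  }
  return out.toUpperCase();
}

function sitePrefix(hostname) {
  return permute(pickLabel(hostname));
}

// Group hostnames by the prefix they produce, to spot shared or diverging ones.
function groupByPrefix(hostnames) {
  var groups = {};
  hostnames.forEach(function (h) {
    var p = sitePrefix(h);
    (groups[p] = groups[p] || []).push(h);
  });
  return groups;
}

// Constructed sample hostnames (illustrative only).
var SAMPLE_HOSTS = [
  'www.youtube.com', 'youtube.com',   // same site, same prefix
  'www.youtubers.example',            // different site, same first five letters
  'accounts.google.com',              // second label is "google"
  'mail.accounts.google.com',         // second label is now "accounts"
  't.co', 'www.web2.example'          // short label, label with a digit
];

console.log(groupByPrefix(SAMPLE_HOSTS));
```

On the constructed list, both youtube hosts and www.youtubers.example share one prefix, while accounts.google.com and mail.accounts.google.com get different ones, so the password depends on the exact hostname you registered from. When computing the prefix by hand on another computer, apply the same label choice as the script.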

Again: don’t forget the permutation that you are using! Remember that if you want to log in on a computer that is not your own, you will have to do the permutation yourself!

Installation

  1. Firefox users: download GreaseMonkey if you don’t have it yet: https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/
  2. Download the JavaScript file here; GreaseMonkey should ask you to install the file.
  3. Once installed, every time you click on a password field, the first five letters of your password will show up; just add your main password. Congratulations, you have a stronger password with almost no effort.

Source code

// ==UserScript==
// @name           Stronger Passwords
// @namespace      *
// @description    Get the first five chars of the domain name and prepend it to every password field of the page, with a permutation
// ==/UserScript==

window.setTimeout(function()
{
  //Extracting the first five letters
    var host = window.location.hostname;
    var domains = host.split('.');
    if (domains.length <= 2)
      host = domains[0];
    else
      host = domains[1];

    host = host.substring(0,5).toLowerCase();
  //Extraction done

  //Building the first 5 chars
  // You can change the code here to use another permutation.
  // The five letters are stored in the variable host and the
  // code below must build a variable named prefix which
  // contains the permuted string
    var prefix = "";
    var acode = 'a'.charCodeAt();
    var zcode = 'z'.charCodeAt();
    // Stop at host.length: names shorter than 5 chars would otherwise add NUL chars
    for (var i=0; i<host.length; ++i)
    {
      var c = host.charCodeAt(i);
      if (c >= acode && c <= zcode)
      {
        c -= acode;
        c  = (c+1)%26;
        c += acode;
      }
      prefix += String.fromCharCode(c);
    }
    prefix = prefix.toUpperCase();
  //Chars built

  //Puts the prefix into every password field when you focus it
    var inputs = document.getElementsByTagName('INPUT');

    for (var i=0; i!=inputs.length; ++i)
    {
      if (inputs[i].type=="password")
      {
        var input = inputs[i];

        input.addEventListener('focus', function(event)
        {
          event.target.value=prefix;
          // document.selection is IE-only and throws in Firefox;
          // place the caret after the prefix instead
          event.target.setSelectionRange(prefix.length, prefix.length);
        }, false);
      }
    }
  //Prefix set
}, 1000);