SuperChromePass - 0.6

by keithamus
Extension meant for Developer Builds of Google Chrome 4.0+
Bookmark and Share

SuperChromePass is a Google Chrome extension, duplicating the functionality of SuperGenPass, but fixed in the browser toolbar, rather than a javascript popup window.

Essentially though, SuperGenPass is a password generator that takes your “master password” (for example “password”), and the domain name of the site you’re visiting (for example chromeextensions.org) and then makes a new, more secure password (for example bzU9OWRiaokP). The password will be the same every time you go to that website but it’ll be different for different websites. This means you have a secure, separate, repeatable password for every website you visit but still only have to remember one password. It is also better than a random password generator because you don’t have to remember the new password, ever!

  • 0.6
  • keithamus
  • Visit Website
  • Visit Website
  • Developer Builds
    Developer Builds (Linux)
    Beta Builds
    Stable Builds
  • 1 Star2 Stars3 Stars4 Stars5 Stars (16 votes, average: 4.63 out of 5)
  • 1278 times

More about this extension

SuperChromePass is a Google Chrome extension, duplicating the functionality of SuperGenPass, but fixed in the browser toolbar, rather than a javascript popup window.

Essentially though, SuperGenPass is a password generator that takes your “master password” (for example “password”), and the domain name of the site you’re visiting (for example chromeextensions.org) and then makes a new, more secure password (for example bzU9OWRiao). The password will be the same every time you go to that website but it’ll be different for different websites. This means you have a secure, separate, repeatable password for every website you visit but still only have to remember one password. It is also better than a random password generator because you don’t have to remember the new password, ever!

If you want to find out more please visit http://supergenpass.com.

This means SuperChromePass also benefits from the enhanced security between tab and browser in Google Chrome. A website would not be able to detect any information placed in SuperChromePass, which they may be able to with SuperGenPass.

SuperChromePass is completely free, and you are able to view and edit the code if you so choose. Please remember many of the key components of this ARE based on SuperGenPass, which is under the GPL licence. While SuperChromePass code is under MIT licence.

Change Log:

0.5 brings:

  • A new options page, all options are separated from the popup
  • Less memory usage
  • New icon designed to fit-to-size
  • "Stealth Password" (salting) option
  • Stealth password gives this release every feature that SuperGenPass? has for sure!

0.6 brings:

  • Fixes to 0.5 which was rushed slightly :D

Older Versions

  1. Version 0.1
    Compatible With
    Developer Builds
    Developer Builds (Linux)

    Change Log:

    None

  2. Version 0.3
    Compatible With
    Developer Builds

    Change Log:

    Added "Remember Password for session" option

    Added "Remember Password forever" option
    Added "Check password against hash" option

  3. Version
    Compatible With
    Developer Builds

    Change Log:

    • 0.3
    • Remember Password for session
    • Remember Password forever
    • Check Password Entry (stores hash)
    • 0.4
    • Forms automatically fill in when the password field is full (i.e from remember password)
    • Auto updates
    • Now functionally identical to SuperGenPass (I think)

Reviews

  1. Zorglub says:
    November 26, 2009 at 1:34 pm

    Sooo ? what’s this thing for ?
    Please bother to have some description for your extensions, code isn’t everyhing.

    Response from Keithamus
    Thanks for the tip, updated the description

  2. The Truth says:
    November 26, 2009 at 3:27 pm

    VERY nice, but isn’t a “standard” hashing/encryption better than “some unknown”? Even when SuperGenPass is using GPL, it doesn’t mean that it will still exist in 6 months? Doesn’t SHA1 or some other more known encoding make more sense?

    I just wonder… imagine in some weeks.. months your sites will be down. Of course no one installed the script on his webserver lol so no way to gain access to the passport protected sites ;)

    Response from Keithamus
    I think you’ve slightly misinterpreted the extension, as well as GPL software.

    SuperGenPass does use a standard hashing algorithm. It uses base64 md5, and hashes multiple times to get a satisfactory password. MD5 is more popular than SHA1, so to answer your question, yes it would make sense to use a well known hashing algorithm – and it does.

    The website both SuperGenPass and SuperChromePass projects are hosted on is Google Code. Google has some of the most pervasive servers in the world. The chances of Google going down and staying down are remote (and if it does happen you probably have bigger things to worry about than your passwords). Also, both projects do not send any information to anywhere, so they’ll work even if you were offline, even if the whole world was offline. To top this all off, both projects give you access to the source code (you can download the crx chrome extension and just use Winzip or 7zip to extract the files, and browse the source). So to answer your second statement, the chances of you being unable to access your passwords are lower than the chances of you squeezing gold bullions from your fingernails.

    Hopefully this answers your questions/corrects your misinterpretations. Thanks :D

  3. Kevin says:
    November 26, 2009 at 5:09 pm

    Extension looks great. However one option I would personally like to see and use would be the option to hard code your master password in so it would not have to be typed everytime I need to use it. Now, I realize this would be way less secure but for my home pc which I only use it makes sense and this is currently how I use supergenpass at home. When out and about I generally just use the “mobile” version of supergenpass for the odd time I need it.

  4. Kevin says:
    November 26, 2009 at 5:42 pm

    after thinking a bit more about my above comment maybe it would be better to just incorporate a checkbox or something similar for “remember master password for this session” or something to that effect so that once you restart chrome your master password would be deleted and need to be keyed back in. This would make it more secure I would think.

    Response from Keithamus
    The new version of this, once complete, will incorporate more features of SuperGenPass, such as:

    “remember hash” which checks for the correct password to make sure you don’t mis-enter it

    “remember password indefinitely” which will keep a plain text password in localstorage, so just a single click of the button will fill passwords in.

    I am also attempting for a “save password for this session” but it is more difficult with extensions that it sounds (Issue 4). I have also been trying, since the first version, to take passwords entered on the page as the master password (so you can type your master password, and then click the button to have it generated). But this is also proving timely and difficult (Issue 1).

    So your requests are being listened to and by next week (hopefully) they’ll be met!

  5. The Truth says:
    November 26, 2009 at 6:38 pm

    It does. Not it makes sense. Thanks a lot! :)

  6. Angel says:
    November 26, 2009 at 11:20 pm

    aw dam i forgot master password

  7. Bender says:
    December 1, 2009 at 3:17 pm

    I have one more suggestion, sometimes more sites use the same password to login, same login and password for many services but different domain addresses, for example forums.opensuse.org uses the same password as secure-novell.com and i would like it to share the same password but right now i can’t. Could you do something about it?

    Response from Keithamus
    Yes, this is an annoying thing about certain websites, Ubuntu’s launchpad does a similar thing. I will try and implement this for 0.3 (version after next). I plan on doing releases bi-weekly so in other words that feature will be included before the end of the year.

    P.S Check out Issue 5

  8. Bender says:
    December 1, 2009 at 3:24 pm

    @Kevin

    To Kevin’s suggestion, what about making it a bit different, what about making it possible to just click the icon with a mouse (let’s say it will flash or something when a password would be needed and we NEED to click it with a mouse).

    @keithamus

    Maybe it could be possible to add additional domian addresses in the Domain/URL window to create for them the same password?

  9. The Truth says:
    December 1, 2009 at 3:42 pm

    “NOW” it makes sense I wanted to write :$ Ouch ouch ouch. Sorry.

Write a Review