NARPassword

About

Like every other program on this site, this is something I wrote for my own use that maybe others will find handy. This time around I set off to solve the problem of having to create, and remember, secure passwords for the myriad of sites I frequent.

Chances are you have logins on a dozen different web sites too. You can't remember a dozen unique passwords so you come up with something along the lines of "IL!keP1e" that meets all the usual requirements - it's 8 characters long and contains all the different character types. You use it on the all web sites you sign up on. Everything is great until one of those sites gets hacked and suddenly these l33t h@x0rz have a username and password they can try everywhere else.

So you protect yourself by changing it up a little. Instead of "IL!keP1e" you use "IL!keP1e-Facebook" and "IL!keP1e-ChaseBank". It feels like you did something but really you're no better off.

As we've seen all too often in the news, a lot of web sites do a poor job protecting your password. On many sites it's sitting unencrypted in a database just waiting to be dumped onto an site with a lot of Zs in the URL.

Here's a quick tip - if a web site has any weird restrictions around legal characters or a short maximum password length, chances are they're storing your password unencrypted. Competent sites store a hashed version of your password which renders these restrictions moot. At the end of the day though, you have no idea how any site is storing your password so the safest course of action is to use a different complex password for each of them.

NARPassword is a program to generate a non-random password based on a personal pass phrase and password name. Here are some examples of the passwords it produces.

Why am I qualified to write an application like this anyway? I did do a whole bunch of graduate work in computer security. I won't be a blowhard and claim to be an expert but I'm not a complete dunce either. I'm confident enough that this works that I use it for every web site password.

I realize there are dozens of password managers that solve this general problem. Every one I looked at stores your password somewhere. I don't trust any of them to do that securely. Some popular ones have been compromised in the past. So I opted for a solution with no storage required.

Benefits

Disclaimers


JavaFX Version

JavaFX version

JavaFX v1.2

This produces the same passwords as the Windows and regular Java versions. This is the version I'm mostly likely to keep maintaining because JavaFX is pretty easy to work with all things considered. It requires JDK11+ and OpenJFX. If you know what those things are then you'll be able to run it. Eventually I'll make a friendlier installer for everyone else. This version also includes a light password manager. Here's a tutorial on how to use it.

Download NARPassword for JavaFX


Windows Version

NARPassword for Windows v1.1

Windows v1.1

This produces the same passwords as Windows version 1.0 and the JavaFX 1.0 version. There are two differences - 1) the user interface is considerably more paranoid than version 1.0 and 2) password options can be saved. I consider this an incremental step toward building a full-blown password profile manager, an application that tracks all your logins and password rules but not the passwords themselves.

Download NARPassword for Windows v1.1

System requirement - .NET Framework 4+ (if you run Windows Update then you probably already have this)


Android Version

Android version

This produces the same passwords as the Windows, Java, and JavaFX versions. I didn't put this on the Android market because the no-frills user interface is bound to earn zero stars. I have not worked on this in quite some time and I doubt it's compatable with any semi-current version of Android.

Download NARPassword for Android APK

System requirement - Android 2.2 or higher


Java (Swing) Version

Horribly ugly Java Swing version

Java (Swing) v1.0

This produces the same passwords as the Windows and JavaFX versions. The user interface is horrifically ugly because it was built in Swing. I know Swing applications can be made to look pretty but I don't have the patience for it. The only advantage to this version is it runs on any OS that supports Java 6 or higher.

Download NARPassword for Java v1.0



Related