Like every other program on this site, this is something I wrote for my own use that maybe others will find handy. This time around I set off to solve the problem of having to create, and remember, secure passwords for the myriad of sites I frequent.

Chances are you have logins on a dozen different web sites too. You can't remember a dozen unique passwords so you come up with something along the lines of "IL!keP1e" that meets all the usual requirements - it's 8 characters long and contains all the different character types. You use it on the all web sites you sign up on. Everything is great until one of those sites gets hacked and suddenly these l33t h@x0rz have a username and password they can try everywhere else.

So you protect yourself by changing it up a little. Instead of "IL!keP1e" you use "IL!keP1e-Facebook" and "IL!keP1e-ChaseBank". It feels like you did something but really you're no better off.

As we've seen all too often in the news, a lot of web sites do a poor job protecting your password. On many sites it's sitting unencrypted in a database just waiting to be dumped onto an site with a lot of Zs in the URL.

Here's a quick tip - if a web site has any weird restrictions around legal characters or a short maximum password length, chances are they're storing your password unencrypted. Competent sites store a hashed version of your password which renders these restrictions moot. At the end of the day though, you have no idea how any site is storing your password so the safest course of action is to use a different complex password for each of them.

NARPassword is a program to generate a non-random password based on a personal pass phrase and password name. Here are some examples of the passwords it produces.

Why am I qualified to write an application like this anyway? I did do a whole bunch of graduate work in computer security. I won't be a blowhard and claim to be an expert but I'm not a complete dunce either. I'm confident enough that this works that I use it for every web site password.



Windows Version

NARPassword for Windows v1.1

Windows v1.1

This produces the same passwords as Windows version 1.0 and the JavaFX 1.0 version. There are two differences - 1) the user interface is considerably more paranoid than version 1.0 and 2) password options can be saved. I consider this an incremental step toward building a full-blown password profile manager, an application that tracks all your logins and password rules but not the passwords themselves.

Download NARPassword for Windows v1.1

System requirement - .NET Framework 4+ (if you run Windows Update then you probably already have this)

Android Version

Android version

This produces the same passwords as the Windows, Java, and JavaFX versions. I didn't put this on the Android market yet because the no-frills user interface is bound to earn zero stars. It's quite functional though. If I ever pretty it up then I'll post it I guess. In the meantime you'll have to settle for manually installing the APK.

Download NARPassword for Android APK

System requirement - Android 2.2 or higher

Java (Swing) Version

Horribly ugly Java Swing version

Java (Swing) v1.0

This produces the same passwords as the Windows and JavaFX versions. The user interface is horrifically ugly because it was built in Swing. I know Swing applications can be made to look pretty but I don't have the patience for it. The only advantage to this version is it runs on any OS that supports Java 6 or higher.

Download NARPassword for Java v1.0

System requirement - Java 6 or higher

JavaFX Version

The JavaFX version is somewhat experimental. Running this requires Java 8 and a Java plug-in to be enabled in your browser. You can also download the web start app or executable .jar to run it on your desktop.

Launch as a webstart app

Download the executable .jar

This page uses Lightbox by Lokesh Dhakar licensed under the Creative Commons Attribution 2.5 License.