Final password is cryptographically derived from web page URL address, salt and user provided secret passphrase.
Open Source Chrome extension for domain dependent password generation (ALPHA version)
Store seed for your password locally on your computer for additional security.
Final password is cryptographically derived from web page URL address, salt and user provided secret passphrase. The salt should be stored physically, so you can recover it in the future.
WORK IN PROGRESS. The crypto part works fine, but there are some jQuery/css issues on some pages (iframes, jQuery dialog etc.)
CURRENT THREAT MODEL:
* No one with an access to the PC with installed extension should be able to authenticate without knowing the correct passphrase.
* The same passphrase used in two different web browsers should produce two different passwords (cryptographic salt will solve this problem).
* If an attacker obtains password for some websites, she should not be able to derive passwords for another websites using that knowledge.
* Attacker should not be able to brute force master passphrase from the salt and knowledge of one password (PBKDF with lots of iterations).
* It provides protection against basic keyloggers (but they can read our salt from the memory / file...)
For more information, see Github repository.