Time for a story. Some time ago I was listening to the Stack Overflow podcast. There was a theme which had been running for a few episodes, which was how to track all your different passwords, and how to make them easily accessible whenever you needed them. Most of the suggested solutions involved either password management software or an encrypted file together with options for either syncing it between computers or remotely accessing it.

I was kind of interested in this discussion since I’d pretty much been there. I’d had an encrypted DB containing all my passwords on my PC, and it synced to my phone. Which was grand until I changed my PC for a Mac and bought an iPhone. Then I was faced with having to buy some new software to do the same thing and re-keying all of my passwords. Needless to say I hadn’t bothered and I was starting to slip into some pretty bad password habits. You know, lots of sites, only a few different passwords.

So at that point some bloke joined the discussion to suggest a site called http://passwordmaker.org/. He explained that the idea was to build a hash out of a site URL and your secret master password and to use this hash value as a password for the site. The hashing function would ensure that each site had a distinct password and also that it could be easily re-calculated whenever you needed it. All you had to do was remember your master password.

Now I’m sure this says something about what a geek I am, but I thought this was a fantastic idea. Simple, elegant, clever and a lot more secure than the way I was currently managing it. I went straight to their website to try it out, which was a bit of a shock. Try it yourself, here’s the on-line version of the software. There are fourteen fields on that form that you have to fill out to generate a password. Fourteen! I’m not even sure I understand what some of them are for. Great idea, but I’m really not convinced about the implementation.

So I did what any self-respecting programmer would do. I wrote my own version of it. I scratched my own itch. The first implementation was, of course, a command-line Ruby script. It took 2 parameters – URL and master password – generated a password and popped it on the clipboard. It was opinionated software: it didn’t ask you to choose which hashing algorithm or character set to use, it just went on and did its thing and gave you back a password.
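The scheme described above (site URL and master password in, one site password out, no options) as an added Ruby sketch; it is not the author's script. The algorithm, iteration count, length, alphabet and host normalisation are all assumptions, and PBKDF2 is used in place of a single hash pass so that a leaked site password is slower to test against guesses of the master password.

```ruby
require "openssl"
require "uri"
require "io/console"

# Assumed fixed parameters (the post names no algorithm, length or character set).
ITERATIONS = 100_000
LENGTH     = 16
ALPHABET   = [*"a".."z", *"A".."Z", *"0".."9"].freeze # 62 symbols

# Reduce any URL on a site to one key, so /login and /account agree.
# Lowercasing and dropping a leading "www." are assumptions of this sketch.
def site_key(url)
  url = url.strip
  url = "https://#{url}" unless url.include?("://")
  host = URI.parse(url).host
  raise ArgumentError, "no host in #{url.inspect}" if host.nil? || host.empty?
  host.downcase.sub(/\Awww\./, "")
end

# Derive the site password: PBKDF2-HMAC-SHA256 over the master password,
# salted with the site key, then mapped onto ALPHABET.
def site_password(url, master, length: LENGTH)
  raise ArgumentError, "empty master password" if master.to_s.empty?
  raw = OpenSSL::KDF.pbkdf2_hmac(master, salt: site_key(url),
                                 iterations: ITERATIONS, length: length * 4,
                                 hash: "sha256")
  # Keep only bytes below 248 (= 4 * 62) so `b % 62` has no modulo bias.
  chars = raw.bytes.select { |b| b < 248 }.first(length)
  raise "derived too few usable bytes" if chars.size < length
  chars.map { |b| ALPHABET[b % ALPHABET.size] }.join
end

# CLI: URL as the only argument; the master password is read without echo
# so it stays out of shell history and the process list.
if __FILE__ == $PROGRAM_NAME && ARGV.size == 1
  $stderr.print "Master password: "
  master = $stdin.noecho(&:gets).to_s.chomp
  $stderr.puts
  puts site_password(ARGV[0], master)
end
```

Because nothing is stored, changing any of the fixed parameters changes every derived password, and a compromised master password exposes every site at once.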

And that’s how things stayed for the best part of a year. I’ve used this script to generate / re-generate all my passwords and although it’s worked very well, it is only available when I’m working on my own laptop. Over the last couple of months I’ve been getting to grips with Rails, so it was a fairly logical and simple extension to create an on-line version of the script, and thus simplepassword.com was born. It’s still opinionated software, even the name of the site reflects that. I hope you enjoy it, but if you need something more complex then there are other options available.