Show HN: Cryptasia - A Better Secure Password Website (cryptasia.com)
First: What is Cryptasia? It's a service that takes a website's name, your secret phrase, applies some hashing, and generates a unique password for that website. By using Cryptasia, you can log in to any website requiring a username/password using just one single secret phrase. Your password on every website will be unique and cryptographically unrelated to your secret phrase, so if one website is compromised--which seems to be happening a lot recently--you won't have to change your password on any other website.
Now we know what you might be thinking... great, what's the big deal about yet another password generator? Why is it any better for keeping track of all your passwords than, say, KeePass, 1password, lastpass, or even Vault?
1 You'll never have to invent a password for any website. Cryptasia knows which characters can and can't be used, which characters are required, and how long the password needs to be. Using this, it automatically generates a password that meets the requirements. We have a lot of services programmed in already, but with an account, adding new websites or changing a website's settings just takes modifying a line in a Google spreadsheet.
2 The website's name isn't actually used to create your password. Instead, Cryptasia uses an associated key string. By sharing key strings among the password settings for different websites such as youtube.com and gmail.com, you can log in to different sites that share an authentication service (in this case, Google's) but have different names. The other benefit is that Cryptasia lets you change passwords for a website without changing your secret phrase.
3 Copying your password and logging in to another website is really streamlined. We autocomplete the website name (including shortcuts, like "aws" for Amazon Web Services), and the "copy+go" button both copies the password to your clipboard and jumps you to the login page for whatever website you selected. Try out Hacker News!
4 We don't store any personal information. We don't even have a database! You don't need to trust us in order to use Cryptasia--the source code is unminified and in plain sight.
5 Cryptasia shows an image based on your secret phrase, so you know you typed it correctly
6 It works great on mobile! It was a huge pain, but we got copy+paste working for Safari, the Android default browser, Firefox mobile and Chrome mobile.
7 An account with us doesn't require you to remember yet another password. That would be ironic. Your account is based on data in a Google Spreadsheet, so the privacy settings of that spreadsheet will apply to your version of Cryptasia. For example, my personal Cryptasia account is "crypt.asia/karlgluck". I've left mine public so anyone can see it and, theoretically, use it to generate passwords--however, I can modify the spreadsheet at any time, so that probably wouldn't be a good idea. Still, if I didn't want people to know at which websites I had accounts, I could make the spreadsheet private and it would be nonfunctional unless I was logged in to my Google account.
Speaking of, a Cryptasia account is free for the first month, but we have to set them up manually so it might take a little while for us to get yours going.
Let us know what you think!
Get started here: http://crypt.asia
1 comment
[ 3.0 ms ] story [ 8.6 ms ] threadFirst: What is Cryptasia? It's a service that takes a website's name, your secret phrase, applies some hashing, and generates a unique password for that website. By using Cryptasia, you can log in to any website requiring a username/password using just one single secret phrase. Your password on every website will be unique and cryptographically unrelated to your secret phrase, so if one website is compromised--which seems to be happening a lot recently--you won't have to change your password on any other website.
Now we know what you might be thinking... great, what's the big deal about yet another password generator? Why is it any better for keeping track of all your passwords than, say, KeePass, 1password, lastpass, or even Vault?
1 You'll never have to invent a password for any website. Cryptasia knows which characters can and can't be used, which characters are required, and how long the password needs to be. Using this, it automatically generates a password that meets the requirements. We have a lot of services programmed in already, but with an account, adding new websites or changing a website's settings just takes modifying a line in a Google spreadsheet.
2 The website's name isn't actually used to create your password. Instead, Cryptasia uses an associated key string. By sharing key strings among the password settings for different websites such as youtube.com and gmail.com, you can log in to different sites that share an authentication service (in this case, Google's) but have different names. The other benefit is that Cryptasia lets you change passwords for a website without changing your secret phrase.
3 Copying your password and logging in to another website is really streamlined. We autocomplete the website name (including shortcuts, like "aws" for Amazon Web Services), and the "copy+go" button both copies the password to your clipboard and jumps you to the login page for whatever website you selected. Try out Hacker News!
4 We don't store any personal information. We don't even have a database! You don't need to trust us in order to use Cryptasia--the source code is unminified and in plain sight.
5 Cryptasia shows an image based on your secret phrase, so you know you typed it correctly
6 It works great on mobile! It was a huge pain, but we got copy+paste working for Safari, the Android default browser, Firefox mobile and Chrome mobile.
7 An account with us doesn't require you to remember yet another password. That would be ironic. Your account is based on data in a Google Spreadsheet, so the privacy settings of that spreadsheet will apply to your version of Cryptasia. For example, my personal Cryptasia account is "crypt.asia/karlgluck". I've left mine public so anyone can see it and, theoretically, use it to generate passwords--however, I can modify the spreadsheet at any time, so that probably wouldn't be a good idea. Still, if I didn't want people to know at which websites I had accounts, I could make the spreadsheet private and it would be nonfunctional unless I was logged in to my Google account.
Speaking of, a Cryptasia account is free for the first month, but we have to set them up manually so it might take a little while for us to get yours going.
Let us know what you think!
Get started here: http://crypt.asia