Purpose: generate a unique password per website so that if your password is compromised, your logins on other sites aren't - we all know passwords are either not securely transmitted, not securely stored, not stored hashed, or all of these :(

Enter below a password (the principle is that it's the same for all the sites - don't use a trivially simple password else a simple dictionary attack would allow to get back to it easily) and copy-paste the URL of the site; SHA1(password + hostname) will be generated locally with javascript and shown in base64 (good for sites forcing lowercase, uppercase and digits); your password entered below, and the generated one, will NOT be transmitted on the network, this is local javascript only.

Don't see that as more secure than it is, if there is a keylogger on the machine you're using, or if this page has a malware inside, you're compromised (better copy this page locally and quickly check the source)! Also, it's of course less secure than using real different passwords for all sites.

Password:
Website URL or hostname:


Result:   is - first 8 chars: Result check:

Result check is generated with the password and always "www.google.com" as website, so that you can easily see if you made a typo in your password (e.g. password is different for each site, but result check is always the same).


Thanks Odie :)
SHA-1 in JavaScript thanks Paul Johnston