DEV Community

Discussion on: On behalf of password manager users of the world, stop enforcing password requirements.

Collapse
 
raddevus profile image
raddevus • Edited

I'm with you on this. Can't stand the password requirements like add special char etc. I wrote a password manager that remembers the password reqirements for you.

It's called C'YaPass and you can try it in your browser without installing anything: cyapass.com/js/cya.htm
It's entirely implemented in client-side JavaScript and the code is Open Source and available at : github.com/raddevus/CYaPass-Web

My password manager doesn't store your password anywhere and allows you to draw one pattern that can be used to generate unlimited unique passwords based upon SHA-256 hashes. Also when you add your site key (the way to remember which site your password will be used at) you can set the password requirements (length, special char, uppercase) so you never have to remember that stuff again.

Check it out and let me know what you think. I've attached a quick snapshot of how you add a new site key and requirements.
C'YaPass add site key

Collapse
 
caseywebb profile image
Casey Webb • Edited

You'll have to pry pass + dmenu from my cold, dead hands, but I'll definitely take a look at this if out of nothing more than curiosity. Have you considered making it a PWA and hosting on GH pages? Would also be super cool with the "add special characters" feature to be able to whitelist/blacklist characters.

edit: scratch gh pages and whitelisted special chars, skipped over the fact you've already got it hosted. You're already steps ahead of me 😅

Collapse
 
raddevus profile image
raddevus

And one more thing. You'll never have to type your passwords again because I copy the the password to your clipboard. That way you can

  1. draw your pattern once
  2. switch to any site key
  3. password is copied to your clipboard
  4. paste it in to log in at your favorite site.

Easy as that. I don't even know my passwords any more. I just draw my pattern and paste them in. And they're super strong random chars of SHA-256.

Collapse
 
raddevus profile image
raddevus

I've written the app as a Android, iOS, and WinForms app also so you can run it from anywhere. All source code to every version is available at my GitHub repos (github.com/raddevus?utf8=%E2%9C%93...) so everyone can examine the code and build it for themselves.

You can easily take the SPA web app that I built and copy it to your own web site and start using it there. It saves your sitekeys in your localstorage that can only be retrieved at that URL / DOMAIN.

I tried to make it completely open so people might start using it. I've written this up a bit at CodeProject.com also.