SecureMyPW
A better way to protect your passwords

Why?
SecureMyPW is a much better way to secure your passwords than the following not-so-good methods:

  • Using Simple Passwords: Makes remembering and typing easier. But we all know this is not good: simple passwords are easily hacked. Here are some password tips and a good password checker. Or instead, you can use SecureMyPW's built-in strong password generator.
  • Using One Password For Many Websites: Because most of us cannot remember several passwords. We know this isn't good. If an attacker gets your password from one website, he/she now has the password for all your websites!
  • Using Many Passwords Stored By Your Browser: For convenience, most browsers can remember your passwords and auto-enter them whenever you re-visit the website. Read this now. Know the weaknesses. If anyone gets access to your computer, he/she can get your passwords or can sign-in to your websites with the auto-entered passwords.
  • Using Many Passwords Saved Somewhere Unencrypted: Good that you're using different passwords on different websites, ... but what if an attacker gets access to your saved list of passwords? He/she now has the passwords to all your sites!
  • Using Many Strong Passwords Saved Somewhere Encrypted: This is the best. You have many strong passwords, you have them saved (lest you forget), and you have them secured by encryption. SecureMyPW lets you do this!

SecureMyPW is Convenient
Security must be reasonably convenient. Security without convenience eventually goes unused, and so is not secure.

For convenience, SecureMyPW saves your encrypted info as a link/URL for easy retrieval: click the link, enter your SecureMyPW password, and you've got your password (which you can cut & paste to the other website's sign-in page).

For convenience, SecureMyPW lets you decide where to save the link/URL. You can store them anywhere that lets you store a link/URL. Here are a few options you may find convenient:

  • Document or Spreadsheet: If this is what you know best and are most comfortable with, use either.
  • Your Browser's Bookmarks: Most browsers let you create & update bookmarks. I create a folder called "Passwords" and save all my SecureMyPW links there. I also set up my browser (Chrome) to sync my bookmarks across my computers. This means my passwords are available on my laptop, my desktop, my PC at work, and my smart phone.
  • Google Drive / Docs: A document but in the cloud so accessible by any web-connected device anywhere. I created a Google Doc, gave access to it to my wife's Google id, added my SecureMyPW links, and now we both have the passwords for our shared accounts (banking, etc).
  • Multiple Places: SecureMyPW can be stored in multiple places. Whenever I set or change a password, I save it in both my bookmarks (for my ease of use) and a Google Doc (for sharing).

SecureMyPW is Free & Enduring
SecureMyPW is free ... thanks to Google. SecureMyPW runs on Google App Engine using the free daily limits provided by Google. SecureMyPW also uses the free "appspot.com" network encryption SSL cert provided by Google. Since it doesn't cost me anything to keep SecureMyPW running (thanks Google!), there's no reason for me to shut it down (especially since I rely on it myself). You can use SecureMyPW with confidence that it will stick around (Legal Notice: no guarantees; use is as-is).

SecureMyPW is Secure
Your data is encrypted with AES-256, the encryption standard adopted by the US government. Here are the details (warning: techno-babble ahead):

  • Your data is converted to a string in JSON format. This is compressed using zlib to reduce its size. A marker is added (used to verify successful decryption) and pad characters too (to lengthen the string as required for block cipher mode encryption). A 256-bit encryption key is generated by taking your SecureMyPW password, salting it, and hashing it with SHA-256. An initialization vector is created using a cryptographic random number generator (pycrypto). The key and the initialization vector are used to encrypt the data using AES-256 encryption in Cipher Block Chaining mode. Finally, for use in the URL, the encrypted bytes are encoded using base64 and url encoding.
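
Because the encrypted link can be saved in shared places, the key-derivation step sets how much work each password guess costs anyone who holds the link. The sketch below is an added example, not SecureMyPW's own code: it derives the key as described above (one salted SHA-256) and with PBKDF2-HMAC-SHA256, then measures the per-derivation cost of each. The salt size, the salt+password order and the iteration count are assumptions, since the page does not state them.

```python
import hashlib
import os
import time

SALT_LEN = 16             # assumption: the page does not give the salt size
PBKDF2_ROUNDS = 200_000   # assumption: illustrative work factor, tune to your hardware


def derive_key_single_sha256(password: str, salt: bytes) -> bytes:
    """Key as the page describes it: salt the password, hash once with SHA-256.
    Concatenating salt before password is an assumption."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def derive_key_pbkdf2(password: str, salt: bytes,
                      rounds: int = PBKDF2_ROUNDS) -> bytes:
    """Hardened variant: PBKDF2-HMAC-SHA256, still 32 bytes for AES-256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, rounds, dklen=32)


def seconds_per_derivation(derive, password: str, salt: bytes,
                           repeats: int) -> float:
    """Average wall-clock cost of one key derivation (= one password guess)."""
    start = time.perf_counter()
    for _ in range(repeats):
        derive(password, salt)
    return (time.perf_counter() - start) / repeats


def compare_cost(password: str = "constructed-sample-passphrase") -> dict:
    """Time both derivations with the same random salt and report the ratio."""
    salt = os.urandom(SALT_LEN)
    fast = seconds_per_derivation(derive_key_single_sha256, password, salt, 20_000)
    slow = seconds_per_derivation(derive_key_pbkdf2, password, salt, 3)
    return {"sha256_s": fast, "pbkdf2_s": slow, "slowdown": slow / fast}


if __name__ == "__main__":
    result = compare_cost()
    print(f"single SHA-256 : {result['sha256_s'] * 1e6:10.2f} microseconds per guess")
    print(f"PBKDF2 x{PBKDF2_ROUNDS}: {result['pbkdf2_s'] * 1e6:10.2f} microseconds per guess")
    print(f"each guess costs about {result['slowdown']:,.0f}x more with PBKDF2")
```

Both functions return a 32-byte key, so either can feed AES-256; only the cost of each guess changes.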

What If I Don't Trust SecureMyPW
SecureMyPW does not save your SecureMyPW password, your website password, or any of your data. But you might not believe that. That's fine. To attack you, we need to know 3 things: the website, your user id, and your password. If you use SecureMyPW to only secure your password (don't enter the website's URL or your user id in the notes), then we'd only know 1 of 3. If you obscure your password, by adding (for example) 2 characters in front and 3 characters at the end, then we'd know 0 of 3. If you still don't trust SecureMyPW, well, have a nice day.

Alternative Solutions
Before deciding to use SecureMyPW, consider the alternatives. One might be more suitable to your needs and preferences. Here are two popular and free! alternatives:

  • LastPass: See lastpass.com. You install software on your computer so that encryption is done locally. Not all platforms are supported. Encrypted passwords are stored on LastPass's servers for syncing. Some features are not free.
  • KeePass: See keepass.info. You install software on your computer so that encryption is done locally. Most platforms are supported. Encrypted passwords are stored on a file on your computer. To share across computers and devices, you must share the file yourself.
  • SecureMyPW: No software to install. All platforms supported. You decide where to store your encrypted passwords. You decide if and how to sync across computers or share with others.
© BareNakedCoder.com