What is sitePW? - sitePW is a free password utility that
calculates unique passwords for each website using non-reversible modulo
arithmetic. The website hostname (domain)
along with your common private key are hashed using a randomized symbol
pool (DNA) to create a strong, unique, 10-character alphanumeric
password. Passwords are not stored in a database or on a computer.
They are calculated using three
pieces of information at the time you need to use them. This sitePW page
is a single HTML page with local JavaScript programming. None of the
information you enter is ever transmitted across the internet or saved
on the computer. There are no external includes, no <FORM> tags,
no AJAX code. The HTML page can be saved locally and opened even while
offline. There is nothing secret or hidden about the way sitePW works.
Because it is interpretive JavaScript, all of the source code
is openly available within this page source. The most powerful feature
of sitePW is the bookmarklet
feature found in the DNA help panel. You will use the bookmarklet most
of the time, and only visit this page when you are not at your own
computer. More information is in the DNA help panel.
Why should I use sitePW?
Too many passwords to remember.
Using the internet usually requires you to remember passwords to access
your accounts. Many passwords are difficult to remember and using the
same password at several websites is not secure. Hackers can use spyware
to steal your password as you enter it at the computer or as it is
transmitted across the internet. Website administrators have access to
login databases and all of the passwords used on their website.
Administrators could attempt your login ID and password on other
websites potentially rendering financial or defamatory harm. Hence, it
is highly recommended that you use unique passwords at each different
website. sitePW does this for you.
Complex passwords are too... complex.
Simple passwords such as "123", "letmein", "password" are easy to
remember, but they are easy to guess and can be discovered by
systematically trying words from a dictionary. Computer programs can
produce at an amazing speed combinations of words, mixed-case and with
numbers inserted. They run through this list of words day and night,
automatically. The best passwords to use are like: "b?vE4ayesPap",
"c?#8RaCR3chU", "the!_sp6c-aP"; but they are too difficult to remember.
sitePW
makes complex passwords for you.
After extensive testing, several websites were found that do not accept passwords with:
less that 8 characters,
more than 10 characters,
with punctuation symbols.
Nearly all websites do accept 10-character passwords with the characters
A-Z a-z 0-9. sitePW passwords are 10 characters made from: A-Z a-z 0-9
sitePW uses a two-process encryption algorithm to create passwords.
Modulo arithmetic hashing is used to calculate the password from a
pre-randomized, 62-character symbol pool (DNA). Since passwords
are 10 characters long, it is impossible for a venal website
administrator to determine the order of the 62-character symbol pool
from only 10 symbols.
How do I use sitePW? How does it work?
sitePW (this page) does two things:
It creates a sitePW bookmarklet that you add to the Links Toolbar of the computers you use everyday.
It functions stand-alone so you can calculate your passwords when you away from your everyday computers.
sitePW combines 3 pieces of information together to create unique
10-character passwords. When you are at the login (or registration) page
of a website, select the password field then click the sitePW
bookmarklet on your Links Toolbar. sitePW will prompt you for your
Private Key. (If you enter your Private Key in the website's password
field before you click the sitePW bookmarklet (it's more private), you
will not be prompted for your Private Key.) The bookmarklet will then
combine
your Private Key with the hostname of that website, calculate and
display a 10-character password using the randomized symbol pool stored
within the bookmarklet. When you close the bookmarklet dialog, the
password will be filled into password field. This stand-along page does
the same thing, but you must paste or type in the website hostname (the
URL), enter your symbol pool DNA value, as well as your Private Key.
Your password for that website will briefly display so you can
copy and paste it into the password field.
Password generator code - JavaScript bookmarklet:
javascript:(function()
{
var C='yc5gQR8LrGVmaMxqk7HvS1YWjF62PoeuZ4bChIfNiJEXU0OA3npdwBt9lTzKDs',
s=62,
o=document.selection.createRange().parentElement(),
p='',
k=o.value,
h=7919,
l,
i,
p='',
m=0x7FFFFFFF;
You can see the 62-character symbol pool in the first var line up
above. While the symbols can be arranged in any order you like, it is
done for you programmatically using a 32-bit maximal-length shift
register based upon numerical seed (DNA) that you provide.
Hostname (domain) Length is Important
In order to repeatably and securely calculate unique passwords for each
domain name (URL), you must pay attention to the hostname length. The
button in the lower-left corner
selects the domain name length (separated by periods) of the Site URL
you entered. Most websites begin with "www." but some do not. It is best
to not include the "www." in the sitePW calculation. Also, for country
identified
domains such as ".co.uk", you will need to select more than just "co.uk"
as the hostname. Set the hostname length to or to select more domain name parts.
domain URL
Set to
selects hostname of:
http://www.gmail.com/
gmail.com
RECOMMENDED
http://www.gmail.com/
www.gmail.com
NOT recommended - passwords can be different
http://www.theregister.co.uk/
co.uk
NOT recommended - passwords will not be unique
http://www.theregister.co.uk/
theregister.co.uk
RECOMMENDED
http://www.ebay.com/
ebay.com
RECOMMENDED
http://www.ebaymotors.com/
ebaymotors.com
Problem. Domain names can be different but they access
the same accounts. Passwords will be different and will work with one
hostname but not the other.
sitePW was created by Troy Fuqua to protect online accounts from
weak and common password usage. Concept testing began Sunday, December
18, 2005 and was launched publicly on Saturday, May 19, 2007.
All Rights Reserved.
Advisory and Usage Recommendations:
The best feature of sitePW is the bookmarklet (on the DNA help panel). If you copy the bookmarklet to the Links
bar of your browser, people who have administrative access to your
computer can access your bookmarklet which contains your symbol pool.
The symbol pool is one part of the two-process algorithm. Without
knowing your Private Key, the symbol pool is useless to them. It is
recommended that you
do not copy the bookmarklet to computers that you are temporarily using -
use this sitePW page to compute passwords while you are away from your
daily computers.
You can use one Private Key for all of your websites or a different
Private Key for each website. The main purpose of sitePW is to let the
computer calculate each different website password using the same
Private Key. It is highly recommended that you use a strong Private Key
with mixed case, numbers and punctuation symbols. You will type in this
Private Key each time you need to sign into a website. We recommend that
you use at least two Private Keys, one for websites that are
directly linked to your financial accounts, and a different Private Key
for non-financial websites. For more information, see the Private Key
help panel for more information.
sitePW creates strong passwords for your website accounts. It does NOT
use the account passwords that you have already picked. In order to
begin using sitePW, you will need to select a DNA seed and a Private
Key. From then on, as you log into each website account, you will need
to change your account password to the password created by sitePW.
Troubleshooting Tips
sitePW bookmarklet contains different code for IE and Firefox browsers.
They won't work properly if you copy the bookmarklet to the other
browser. Always copy them from the DNA help panel.
Some websites have https: (secure) inner content within an http:
(non-secure) page. sitePW bookmarklet will not access the secure
password entry from a non-secure page. Click on the page somewhere that
is not secure (away from the password entry) and try the bookmarklet. If
the Private Key prompt appears, proceed and copy and paste the
calculated password into the secure entry.
Contact Information
You may contact me at the following email address:
(this address will change if it becomes abused. sitePW.com will always display the current email contact.)
I welcome all feedback and suggestions. sitePW can inform you by email of anything significant regarding sitePW. Subscribe by email to join the list. Send an email message to:
with the following in the message body... subscribe user.list Your Name
The subscription list will never be utilized, distributed or sold; in whole or in part; outside of sitePW.com use.
to the user list. (for Outlook and other mailers - try it)
DNA Information
sitePW calculates unique website passwords using modulo arithmetic.
Because the algorithm is known, it would be possible for a venal website
administrator to brute force attack the your login password and derive
your Private Key. By selecting password characters from a shuffled
symbol pool, it becomes quite impossible to brute-force-attack your
Private Key without knowing the order of the symbol pool.
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 - password symbol pool yc5gQR8LrGVmaMxqk7HvS1YWjF62PoeuZ4bChIfNiJEXU0OA3npdwBt9lTzKDs - shuffled password symbol pool
DNA Input Help
Enter a 1 to 16 digit number to randomize your password symbol pool.
Click the button to hide your DNA input. Click it again to lock the value.
The entry will automatically clear itself in 30 seconds. Click so it won't automatically clear.
When entering the DNA number, the symbol pool panel will display. Press the ` key to hide the symbol pool.
Press the ` key again to hide your DNA input. (same as clicking the HIDE button)
Press the ` key again to lock your DNA input. (same as clicking the LOCK button)
DNA Selection (IMPORTANT)
The DNA number seeds a 32-bit maximal length shift register that is used
to randomize the 62-character symbol pool. The DNA number is much
easier to remember than a 62-character symbol pool. You will need to select a private number that you can readily remember.
Once you select this DNA number, it becomes a integral to ALL of your
passwords. If you later decide that you want to change your DNA number,
then all of your website passwords would need to be changed.
If you add the bookmarklet to the Links Toolbar and use it to calculate
login passwords, you may soon forget the DNA number you used. It may be
several months later when you are away from your own computer(s) and you
need to visit this page to calculate one of your passwords. Choose a
DNA number that you can remember.
If your computer is shared with family, friends, and co-workers and does
not have separate login (machine) accounts on the computer, the common
bookmarklet on the Links Toolbar may become used by others who will one
day need to know the DNA number you used. Keep this in mind if you
demonstrate sitePW to others and they begin using your bookmarklet to
create passwords. A DNA number used by all family members should be
agreed upon by all.
Step 1. Enter your DNA number. (behind this panel)
DNA must not be locked.
Step 2. Add these 3 bookmarklets to the Links Toolbar.
To add these links to your Links Toolbar, follow these steps:
1. Click Favorites, right-click Links, click Explore
(this opens your Links folder in File Explorer)
2. Create a New Folder, name it sitePW. (then open it)
3. For each sitePW above:
a. Right-click, Copy Shortcut;
b. Right-click the File Explorer sitePW folder, click Paste Shortcut.
To add these links to your Links Toolbar, drag them there. I recommend that you put them in a folder named sitePW.
Bookmarklets
The most powerful feature of sitePW is the creation of these sitePW
bookmarklets for your Links Toolbar. At the top of this browser window
you will find a Links or Bookmarks Toolbar. If it is disabled or off to
the side, right-click it and make sure it is unlocked, then drag it
towards the center. If there are links in there that you never use,
remove them (right-click).
TIP: After you create the bookmarklets, I recommend that you put them into a pull-down folder on the Links Toolbar. Click Favorites; Organize Favorites...; Links; Create Folder, name it sitePW. Put sitePW2-4 in that folder.
Thanks to Nikolas Coukouma for assistance with Firefox ".anchorNode.childNodes" function.
Private Key Information
The Private Key is the most critical piece of the sitePW mechanism. It
is what you type in each time you need to enter a website password. It
hashes with the website hostname to calculate the password for that
website. While you would typically not have more than one symbol pool
(see DNA help), you probably will use several Private Keys.
When you are using sitePW to calculate a website password, think of the
Private Key as the password for that website. What you enter is
mathematically transformed into a strong, unique password for that
website. It is recommended that the Private Key you enter is 8 or more
characters, with mixed case, numbers and punctuation symbols. Do not use
a dictionary word. It is recommended that you use at least two Private
Keys, one for websites that are directly linked to your financial
accounts, and a different Private Key for non-financial websites.
For websites that require you to change your password often, you can
include the change frequency in your Private Key. If a website requires
that you change your password every month, and your Private Key is
"E99**phiSH", change your Private Key at the first of the month to
"E99**phiSHjun" or "E99**phiSH6" to encode the month in the Private Key.
Changing "E99**phiSH6" to "E99**phiSH7" is only one character different
but the calculated password will be totally different.
When using the bookmarklet, you can type your Private Key into the
password input on the webpage then click the sitePW2-4 bookmarklet. The
bookmarklet will read the Private Key from the password input and
calculate the password, displaying it in a prompt (which you can edit);
then it will insert it into the password input. When you are within
screen distance of others, enter your Private Key in the password field
and let the bookmarklet fetch it. At other times, it is recommended
that you enter your Private Key in the javascript prompt. Venal website
programming could use javascript code to capture your keystrokes into a
hidden field and send it through the internet.
When registering on any website, you usually create a password and have
to enter it twice. I recommend that you use the bookmarklet both times
(entering your Private Key) so that the mismatched password check will
work. If you mistype your Private Key and copy/paste the wrong password,
you might not be able to get back in.
Private Key Input Help Enter any text as your Private Key.
Click the button to hide your DNA input (or press `). Click it again to lock the value.
The entry will automatically clear itself in 30 seconds. Click so it won't automatically clear.
Press the ` key to hide your DNA input. (same as clicking the HIDE button)
Press the ` key again to lock your DNA input. (same as clicking the LOCK button)
Troubleshooting Tips
Some websites have https: (secure) inner content within an http:
(non-secure) page. sitePW bookmarklet will not access the secure
password entry from a non-secure page. Click on the page somewhere that
is not secure (away from the password entry) and try the bookmarklet. If
the Private Key prompt appears, proceed and copy and paste the
calculated password into the secure entry.
• Last update:25/May/2007sitePW.com"forget website passwords! use a private key."