hbkfmkahandehhbdlgbfhaeacecfeceo
Filling password for you using Amaranth algorithm We all know that using same password everywhere is extremly unsafe because websites cannot be trusted to protect them from hackers. So once one of your passwords is leaked, the other accounts are still safe. However, it is impossible to remember all passwords for different websites. So there are several solutions for password management, like LastPass, 1Password or KeePass. But are they really safe? LastPass had been hacked. Keep them local? You must synchronize manually. How can we balance the safety and convenience? Amaranth provides a simple password management solution. You just need to remember only one password (we call it main password), and set different site id for accounts on different sites (you can directly use the brand name like google or apple). Amaranth will calculate the password for you. Only you have main password, and site id, Amaranth can calculate correct password for you. If any of this 2 is wrong, Amaranth will provide different password. The benefits of this are that you only need to remember this specific main password IN YOUR BRAIN, and Amaranth can give you any password you need at any devices without synchronization and storage. So Amaranth is unhackable because it dose not store any of your password. It only provides an algorithm to generate them. It also comes with different type of password in case there is requirement in websites or services. For example, some website require longer password length (more than 10) but some service (like bank) require PIN as password. Amaranth provides 4 kinds of passwords which is PIN, Short, Classic and Long. According to HOW SECURE IS MY PASSWORD?, the Long type password needs 3 TRILLION YEARS to crack (as in 2016). The benifits of using Amaranth: Safe, unhackable. Even your computer is stolen, the passwords will never leak. Easy to remember. User just need to remember a main password and a rule of site id. Main password is only used to generate password, never used in actual websites. No need to think a new password for new account. There is also a shortcoming, if you choose this solution, you need to change your current passwords.
Free Password Manager & Authenticator & SSO
The free password manager extension comes with autofill & autologin including websites that support the Authenticator format. SAASPASS is a free Password Manager & Authenticator 2FA code generator with autofill & autologin capabilities. It is built with Security & Usability in mind. The SAASPASS password manager extension can autofill both your passwords AND authenticator codes enabling a smooth seamless experience and single sign-on SSO. There is NO need for a separate desktop password manager application with the SAASPASS browser extension. The password manager browser extension plugin is protected by two-factor authentication by default and includes passwordless 2FA like scanning an encrypted barcode and push login approval. The password keeper browser extension plugin is both phishing-proof and prevents man-in-the-middle attacks. The SAASPASS mobile app is available on the Apple App Store and Google Play. The iPhone and iPad version is available here: https://apps.apple.com/us/app/saaspass-authenticator-2fa-mfa/id849132027 The Android version is available here: https://play.google.com/store/apps/details?id=com.solidpass.saaspass&hl=en&gl=US You can access everything with copy/paste capabilities also from the SAASPASS web portal at: https://www.saaspass.com/sd/#/login The web portal is protected by multi-factor authentication by default, and includes passwordless MFA like scanning an encrypted barcode and push login approval. The SAASPASS Password Manager comes with over 100 thousand pre-configured websites and mobile apps There is the Authenticator 2FA code generator for websites and mobile apps The SAASPASS Security Scan identifies websites and apps that have Authenticator 2FA support, and also identifies Duplicate and Weak passwords The password manager and authenticator code generator has user initiated AutoFill & AutoLogin (prevents hijacking) The password manager addon is secured with passwordless 2FA There is SSL Detection and the browser extension only Autofills HTTPS sites The password manager add-on comes with SSO & Copy to clipboard The Web Portal Access comes with SSO & Copy to clipboard The Web Portal is secured with passwordless 2FA The 2FA on the browser extension is pinned and mitigates against Phishing and Man-in-the-Middle attacks Secure Notes - in this notes and password keeper you can store and vault all sorts of details both offline and optionally synced online with multiple devices There is a Strong Password Generator in the browser extension and mobile app SAASPASS comes with Multiple Device support and Device Management (including device removal) Tablet support (including landscape view and split screen on the iPad) Secure Backup & Restore options with SIM Swap prevention Universal Search is available for both the password manager and authenticator codes in the mobile app, web portal and browser extension Works on all platforms (Microsoft Windows, Apple Mac, Linux, iPhone, iPad, iOS and Android etc.) There is no need for a desktop application to be installed Sharing of Authenticator (TOTP & HOTP) codes supported (available for teams and enterprises) Mobile AutoFill with App Lock protection Password Manager, Authenticator & Secure Notes work with offline and online options Phishing proof logins logins from the password manager browser extension HOTP/TOTP support is adjustable and comes with support of 6,7 and 8 digit codes You can integrate the password manager with 2FA products twilio authy, google authenticator, microsoft authenticator, 1password, dashlane and duo security The mobile app is available in over 30 languages In addition to personal use, companies can also use SAASPASS for: Multi-factor authentication (MFA), Enterprise Password Manager, Single Sign-on (SSO) Shared Access Manager Share passwords Share Authenticator codes (TOTP & HOTP) with teams Share emails & applications Access Control Policies Adaptive Authentication Privileged Access Manager (PAM) Directory Services (including Microsoft Active Directory and LDAP) Endpoint Access Protection (enforce MFA on computers) Reporting & Audit Trail (internal SIEM & export to external SIEMs) Companies can sign up from the www.saaspass.com website. The Identity & Access Management (IAM) of SAASPASS can be used to integrate many business and productivity applications including email and collaboration suites There is pre-built out-of-the box integration to over 100 THOUSAND applications to services like Amazon, Facebook, Dropbox, Gmail, Twitter and Linkedin. Developers can integrate passwordless multi-factor authentication (MFA) services with RESTful API, ready code snippets in multiple languages and SDKs. More details on building two-factor authentication 2FA is available at: For enterprise customers there is support for hard tokens with TOTP, HOTP & FIDO U2F format and USB based Yubico Yubikey OTP. The mobile password manager and authenticator app has app protection that includes: Biometric Authentication TouchID FaceID Pattern Invisible Pattern Scrambled Keypad Fingerprint Authentication and Verification Facial Authentication and Verification You can import services as a CSV file from your Chrome browser or other formats from the SAASPASS web portal for services like Dashlane, Lastpass and 1Password. The 2FA (always required) to unlock your browser extension is phishing-proof and keylogger attacks are mitigated against. There are no static credentials, like a master password to unlock the browser extension, that can be used in a replay attack. Man-in-the-middle attacks are not possible as the 2fa is pinned to the browser. This makes the SAASPASS browser extension arguably have the highest level of security possible with extreme usability. Integrations of the Single Sign-on SSO solution include SAML, OIDC, RDP, VPN, okta, cyberark, onelogin, sailpoint, saviynt, simeio solutions, pingone, beyondtrust, avatier, roboform, avira, my1login, zoho vault, password boss, bitwarden, one identity, enpass, myki, nordpass, passwordstate, logmeonce, zenmate, blur, abine, lastpass, password depot, dropbox passwords, it glue, true key, x beta, norton security, microfocus, silverfort, kee, thycotic, avg, passbolt, total av, passwork, netiq, 1clickvpn, safeincloud, devolutions, steganos, remembear, keepasshelper, commonkey, aws iam, axiad, keepassxc, apple keychain, ping one, duo security, expressvpn, rapidIdentity, touch vpn, identity automation, ambius, kaseya, passly, directory services, metadata directories, Azure AD, Active Directory, LDAP and secure web based form-filling. You can even add passwordless MFA to Identity Providers (IdP) and Identity Governance solutions like idaptive, okta browser plugin, onelogin, ibm tivoli isam esso and oracle. You can set up the team password manager and team single sign-on by signing up in the company sign up. The team password manager can be used for all password sharing needs including making the passwords visible and invisible. The admin can share both the password manager and the authenticator codes (TOTP & HOTP) as well. The password manager & authenticator codes generated can be shared on mobile devices, the web portal and the browser extension. We have a limit of 500 login items in the personal use case for the free password manager and authenticator code generator. This is how we can offer the password manager for free for personal use while we charge companies. The secure notes keeper is stored in an encrypted vault and works offline by default. You can turn it online and have it synced with multiple devices as well. Keep us posted with your suggestions, feedback and ideas for improvements for the password manager and authenticator code generator. We look forward to it and always appreciate it! If you enjoy the service feel free to rate us. This helps us improve the password manager, secure notes keeper, password vault, and the authenticator code generator and our service to you. You can learn about more features about the password safe, encrypted vault, notes keeper and you can get the SAASPASS Free Password Manager & Authenticator for Mozilla Firefox, Google Chrome, Apple Safari, Microsoft Edge and Opera from www.saaspass.com
PassLok for Email
High security encryption for email. PassLok is in no way associated with Gmail, Yahoo, or Outlook. ⚠️ PASSLOK FOR EMAIL IS DEPRECATED: PLEASE UPGRADE TO PRIVACY BAR ⚠️ Due to continuous, unannounced layout changes by email providers like Gmail, Yahoo, and Outlook, maintaining reliable embedded toolbars has become unsustainable. Recent interface updates have permanently broken the integration for this extension. To ensure your secure communications are never interrupted again, we have migrated all core features of PassLok for Email into our actively maintained flagship extension: Privacy Bar. Privacy Bar gives you the exact same serverless, battle-tested encryption, but interacts with your browser through a stable interface that email providers cannot break. It is fully backward-compatible with your existing Lock collection, which you can read from sync storage. 👉 Search the Chrome Web Store for "Privacy Bar" or visit privacybar.net to upgrade. TAKE PRIVACY INTO YOUR OWN HANDS Easy, end-to-end secure encryption for email, plus real-time chat, that does not rely on servers and is therefore immune to hacking or government intervention. Right now PassLok for Email supports Gmail, Yahoo mail and Outlook online. If you need any other emails right away, check out PassLok Universal, which is also more resistant to changes in the services. --PassLok for Email is incredibly easy to use-- To encrypt a message or file, just click the PassLok icon at the bottom of the Compose or Reply box. A popup will take your private message and encrypt it with the click of a button. Then you can send it out like any other message, or as an attachment. To decrypt it, click the PassLok icon at the top of the encrypted message. A popup will show the decrypted message or file immediately, or will tell you if there is any problem. PassLok asks you for your Password only once. It can be anything you want, so you can actually remember it. PassLok will evaluate its strength and compensate for its weakness by lengthening the computations. It won't be stored or sent anywhere, and PassLok will forget it after five minutes of inactivity. If you want to change your Password, go ahead and start using a new one when PassLok asks you for it. You may be asked for the old Password if PassLok can't decrypt something, but otherwise that's all you'll have to do. You can use either of these two encryption modes, by just clicking a button: 1. Signed mode: encrypted messages can be decrypted again, so long as the recipients supply their authentic passwords. Recipients are also assured that the message was encrypted by the sender. 2. Read-once mode: after a few encrypted messages have been exchanged they can no longer be decrypted by anyone, even if they supply the correct passwords. In addition, you can make encrypted chat invitations which, when decrypted by the recipients, open a webRTC real-time chat session where participants are directly connected to one another. The chat session includes text, files, audio, and even video. PassLok for Email allows you to encrypt files and images as well. Just load them with a toolbar button. You can also encrypt them separately and load them as regular attachments. You can also communicate with users of services not supported by PassLok for Email. They can use PassLok Privacy (also in the Chrome store), which has a special mode fully compatible with PassLok for Email. For the very paranoid (and who isn't these days?), PassLok for Email includes four special features: 1. Encrypt to image: the message is encrypted into an image you supply and then attach to your email, so the presence of a hidden message cannot be detected even by computer analysis. 2. Concealed mode: the encrypted message does not look encrypted, but actually looks like normal text. PassLok still detects it and decrypts it normally, though. 3. Invisible mode: the encrypted material cannot be seen at all. It is hidden in the space between the lines of an otherwise normal message. 4. Hidden msg: there is a hidden message in addition to the regular message, and it is encrypted by a separate key. The hidden message is completely undetectable to those who don't know it exists. Images also can contain hidden messages. --State-of-the art security-- PassLok is based on the NaCl encryption engine, which uses 255-bit standard elliptic curves vetted against weaknesses by experts. On top of that, it uses the 256-bit XSalsa20 symmetric cipher, a high-performance, open source algorithm, which has been scrutinized by experts for nearly a decade without any practical weaknesses being found. The image-encryption part of PassLok, developed in-house but open-source, has recently been shown to be much harder to detect than F5, the champion steganography tool until now. PassLok does not use servers that might eventually compromise your private data. All encryption is done client-side. All data sent to the email server is encrypted, and they don't have the password that decrypts it. With PassLok, you can actually SEE that that your messages have been encrypted. You can also see the code. PassLok hides nothing from you. PassLok for Email is now in public beta testing. To report any bugs or suggest improvements, please submit them as "Issues" at this GitHub page:
gPass
gPass : global Password for Firefox and Chrome gPass is an online, open source and self hosted password manager. It helps you to have a different and complex password for every account you own while only remembering one (or multiple) passwords ! To have a high level of security, all information is stored encrypted (salt + AES 256-CBC). Nothing is stored on client. The decryption is done on the fly when it's needed and only with user input. So, a hacker can get your password database, it will not be able to see any information (except if it brute force or leak your masterkey) ! Thus it's important to choose a strong masterkey ! First thing is configuration : 1) Enable the extension for private browsing 2) Install your server (see below), or use the demonstration one and create your accout 2) Go to extension options and configure your server address ("https://server name/account") 3) Populate your password database. You can use "*" character to access to all subdomains of a specific website (ie *.google.com). Then usage : When you're in a login form and you want to use gPass, type your login (case sensitive !) and fill "@@masterkey" in password field (only if gPass icon is green !). Then submit and password will automatically be replaced by the one in the database (after addon decrypt it). **You can also type "@_masterkey" to only replace your password without automatic submit. This allows to support more websites.** Another option is to enter your credentials in the new popup menu by clicking on gPass icon. If it's possible, gPass will auto fill password field, if not result password is stored into your clipboard. **Popup path is a safest method as website page will never see your masterkey.** ** Warning ** : Sometimes, addon could make some websites unusable, especially for login form. In this case, you can deactivate it for only one website by clicking right on gPass icon and "disable or enable gPass for this website" in addon menu. It's a local configuration, so it must be done for each browser. gPass can also be disabled for ALL websites thanks to addon menu "Disable or enable gPass for ALL websites". _When gPass is disabled, you can still use popup feature_. To host a password server, you need a webserver. Just copy server files in a directory read/write for web server user (www-data). A sample apache2 configuration file is available in resources. Since v0.8 and the use of Crypto API, **it's manadatory to have an HTTPS access (valid SSL/TLS certificate) to the server**. Without that, the decryption will fails. A demonstration server is available [here](https://gpass-demo.soutade.fr). It's the default server configuration for fresh installed addon (user demo). **Warning** The master key derivation is partially based on account URL. So it's linked to your current server information. You can't move databases from servers with different URLs, you need to export them and import it again. Just install the package. You can have debug information by setting DEBUG in main.js. All the code is licensed under GPL v3. Source code is available [here](https://forge.soutade.fr/soutade/gPass).
Sphinx Logon Manager Extension
Google Chrome Extension for Sphinx Logon Manager. This extension enables the Sphinx Logon Manager software to auto-record and auto-fill website logons in Google Chrome. Users must already have the Sphinx Logon Manager installed on their computer in order to use this extension. ABOUT THE SPHINX SOFTWARE The Sphinx Logon Manager software uses existing ID cards to secure logon to Windows, websites, applications and makes it easy to use strong passwords for logon processes. Conforms to industry and government standards such as HIPAA, CJIS, and FIPS. Easy add-on for Windows environments, with no infrastucture changes. Complete central management functionality allows administrators to manage security policies, password policies, and logon entries. BAD PASSWORD HABITS MAKE US VULNERABLE Many of us are guilty of the same bad password habits - taping passwords to our computer monitor, using the same password for multiple logon locations, using easy-to-crack passwords, never changing our passwords. As our network administrators tell us, passwords are supposed to ensure privacy and security. But our bad habits make us and our entire organization vulnerable to attack. SPHINX BRIDGES CRITICAL SECURITY GAP The Sphinx Logon Manager software stores logon user names and passwords securely, and facilitates their entry into Windows, networks, websites, and applications. • Windows logon data is transferred directly from Sphinx to Windows. Entry of data cannot be observed and keystrokes cannot be recorded. • Administrator or end-user can "auto-record" website and application logon information. The next time end-user goes to location, Sphinx "auto-fills" logon information. • Two-factor authentication provides strong protection. End-user must have card and end-user must know PIN, to access Sphinx data. With Sphinx, end-users can use long complex passwords, change them frequently, get password change reminders and generate random passwords. EASY TO MANAGE The Sphinx CardMaker software enables administrators to easily manage the logon security policies and logon entries of their Sphinx Logon Manager installation. FULL-FEATURED FLEXIBILITY The pre-configured Sphinx CardMaker management software runs out-of-the-box on an administrator computer, but it also offers full-featured flexibility for all sizes and types of installations. • Administrators who want no added responsibility can install Sphinx CardMaker and simply leave it to run, to provide data server functionality for the Sphinx Logon Manager installation. • Administrators who want to manage security policies, logon entries, and end-users, can use the full spectrum of capabilities provided by CardMaker. SIMPLE PRESENTATION, STRONG CAPABILITY Open Domain Sphinx Solutions believes in helping customers make the best use of current technology, with the least amount of effort. Sphinx CardMaker management screens and settings menus are laid out in a simple and straight-forward manner, so that all tasks can be easily accomplished. For example, with one click administrators can check to see how many cardholders have self-enrolled. Or if administrators choose to issue Sphinx license keys from CardMaker, issuance is accomplished with two mouse clicks. Likewise, administrators who choose to manage logon entries for their end-users will not find it to be a complex, time-consuming task. Administrators auto-record managed entries using the Sphinx Logon Manager software, and update and load them to end-user cards as required. CardMaker does not require complex connector or script-based interfaces to enable logon entry management, as many single sign-on programs do. INTEROPERABILITY IS KEY The CardMaker software provides open interfaces and works with industry-standard databases. Customers who want to share data with or use data from the CardMaker database can use the standard APIs, which are provided with the software.
