vPass: Javascript page for maximum security and minimum of pain when working with passwords

Dear Habrayuzer,

Let me introduce you to a micro-web application that I created to solve my own problem — to make working with my passwords on the Internet safer and less time consuming. I just got sick, and in order not to lie idle, I decided to test myself and in 24 hours make a web service that the world is not ashamed to show. Plus, I spent a day writing texts.

Generator itself
')
Information and video demo



In short:

• you need to remember one “master” password, and vPass generates a unique password based on it, for each site.
• vPass generates a meaningless set of letters and numbers (12 characters by default) that are almost impossible to guess.
• vPass is made for quick work with the keyboard. Enter the master password, Ctrl-C, Ctrl-W, done!
• vPass does not “store” your passwords (and does not store anything at all). Your password is not transmitted anywhere. vPass does not communicate with the server - it simply downloads the html page to the browser.
• Works on any platform with a web browser. Windows, Mac OS X, Linux, Android, iOS, Windows Phone, webOS, and any OS of the future!
• Instead of the “domain” of the site, you can use any “username”. I thus generate passwords for Linux users.
• For complete confidence, you can download vPass and run from your computer.

The topic is not new -

Storing passwords without saving them
A simple method of storing passwords in the head
How easy it is to remember passwords
Simple paranoid password management method

I dare, however, to hope that my implementation will seem most convenient to you.

A couple of quotes from the FAQ :

• vPass accepts 2 parameters - master password and domain (username). If you open a vPass through an extension or bookmarklet, the domain is automatically read. That is, if the browser opens the address accounts.google.com , vPass will set the value "domain" = google . It remains only to type the master password and press Enter.
• vPass sticks master password and domain in one line. Then a unique password is generated from it. For example, if your master password is sopli (I do not recommend! Too simple), domain = google and length = 16 , then the password " f6pzQ3MthBzpEdSO " will be obtained from the sopligoogle line. Copy it, close vPass and paste into the login form.
• How safe is vPass?
  As much as your master password is secure. Theoretically, if the master password is easy to guess, and a bad person guesses that you are using vPass, then he will get access to all your passwords. Fortunately, the generated passwords do not reveal their origin in any way, and vPass is not at all popular, so don't worry :)
• How can I generate the same password for all sub-domains of the site?
  when reading a domain, vPass does it automatically - discarding sub-domains and TLDs. Only the “semantic” part remains. For example, amazon.fr and amazon.com have a single base of accounts, and vPass will correctly put just amazon in both cases.
• Can I trust vPass? What to do if the site disappears?
  Excellent question - once again I urge you to download a local copy. As for the server, everything is disabled on it, even access logs. And as I said, the server only sends data, but does not accept.

I hope that vPass will seem useful to someone other than me, although since the logs are disabled, I don’t even know how many people use it :)

[Update]: Many thanks to the commentators for the excellent discussion! I will try within a couple of days to make an update, taking into account all the useful comments. The old algorithm will remain (to maintain backward compatibility), but new ones will appear (more better :-)), so wait a couple of days before starting the actual use. Thank!