by _wldu 2010 days ago
I wrote a program to generate passwords based on user input about 10 years ago. I still use it today and a few teams I have worked with still use it. I called it DPG. Deterministic Password Generator. It is a similar concept. I have implemented it in Go, C++, Java and Python.

I wish the idea of generating passwords when needed rather than storing and retrieving them was more popular. Traditional password Managers are just flawed.

https://github.com/62726164/dpg

7 comments

Around 5 years ago I wrote something very similar, for the same reasons as you. It was never intended to be more than a proof of concept, but I've ended up using it most every day.

Mine is web based, but all implemented in the front-end; no data is ever sent to the server.

I was debating whether to post the URL, because I don't really want a bunch of people to start depending on it the way I do (I have zero plans to maintain/improve it). But I feel like there may be sufficient interest. So the URL is in my profile for the next 48 hours.

Thank you for this.

So if I need to change my 'amazon' password, I press 'generate different codes'. Then when I need to use my amazon password, I come back and click the 'generate different codes' to retrieve the new password?

What is the best way to use this for a service where the password frequently changes?

If you need to change your 'amazon' password, you click 'generate different codes', yes. That action will be remembered in your browser's local storage. So when you need to use your amazon password again, it will automatically advance and generate the correct password.

But if you come from a different browser, you'll need to click 'generate different codes' again to advance to the correct password.

For services where the password frequently changes, I don't think there's a very practical way to use this. At least not across several different browsers.

> Your verification code is 120179. You can use it to verify your seed password in the future.

What does this mean? And how is it used to verify a password?

The "verification code" is a 6-digit hash calculated from the seed password. The idea is, you'll become used to recognizing the same verification code whenever you type your seed password - then you can quickly spot if you ever make a typo in the seed password.
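As an added illustration of the mechanism described in this reply, and of the character-class question raised further down the thread (this is example code written here, not the commenter's tool and not DPG): a deterministic per-site derivation with a seed verification code and a rotation counter. The PBKDF2 round count, the salt layout, the alphabet and the policy are assumptions.

```python
import hashlib
import string

# Added example, not the commenter's tool and not DPG. The round count,
# salt layout and policy are assumptions made for this illustration.
ROUNDS = 100_000
# Exactly 64 symbols so that byte % 64 selects characters without modulo bias.
ALPHABET = string.ascii_letters + string.digits + "-_"
REQUIRED_CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "-_")


def verification_code(seed: str) -> str:
    """6-digit code derived only from the seed.

    The user learns to expect the same code each time; a different code means
    the seed was mistyped, and the typo is caught before any site password is used.
    """
    digest = hashlib.pbkdf2_hmac("sha256", seed.encode(), b"verify-code", ROUNDS)
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def meets_policy(password: str) -> bool:
    """True if the password contains at least one character from every required class."""
    return all(any(ch in cls for ch in password) for cls in REQUIRED_CLASSES)


def derive_password(seed: str, site: str, counter: int = 0, length: int = 20) -> str:
    """Deterministic per-site password.

    `counter` is the state the thread calls 'generate different codes': bumping it
    after a rotation yields a fresh password for the same site. Candidates that fail
    the policy are skipped deterministically via `attempt`, so every device holding
    the same seed and counter reaches the same result.
    """
    for attempt in range(64):
        salt = f"{site}\x00{counter}\x00{attempt}".encode()
        digest = hashlib.pbkdf2_hmac("sha256", seed.encode(), salt, ROUNDS, dklen=length)
        candidate = "".join(ALPHABET[b % 64] for b in digest)
        if meets_policy(candidate):
            return candidate
    raise RuntimeError("no policy-conforming candidate found")  # practically unreachable


if __name__ == "__main__":
    seed = "correct horse battery staple"  # constructed sample seed
    print("verification code:", verification_code(seed))
    print("amazon, counter 0:", derive_password(seed, "amazon", 0))
    print("amazon, counter 1:", derive_password(seed, "amazon", 1))
```

The counter is the only per-site state that must be kept (or re-entered) on each device, which is the cross-browser limitation the commenter describes.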

> I wish the idea of generating passwords when needed rather than storing and retrieving them was more popular. Traditional password Managers are just flawed.

Why?

Password generators have flaws of their own and have been discussed extensively on HN, e.g. https://news.ycombinator.com/item?id=13016132 or https://news.ycombinator.com/item?id=22580719

Can it cope with services that disallow certain characters? Can it cope with services that require e.g. at least one digit, symbol, and capital letter?

The standard answer is that if someone gets hold of your generation procedure, they can guess all your other passwords, and your future passwords too.

They'd still need your master passphrase though? So the security is only as flawed as a password manager.

With DPG, you don't have to use the same sentence for each generated password. It makes it easier and more user friendly, but it's not required. I could easily have two or three sentences and still be able to recall 400 or so unique, strong passwords.

This would be too hard for the average computer user. I love the concept and could see it working for more technical users, though. There are definitely some risk trade-offs over traditional password managers, though. To start: humans have biases. Randomly generated passwords don't have any biases. I would have to think more on this from a cryptography perspective as well, but I think it's a cool idea :)

So if a site is compromised and requires a password rotation, do you just never use that site again?

Another open-source tool for that is Master Password:

https://masterpassword.app/