GoSecure is a simple mechanism by which you can securely generate and retrieve all your passwords for use online and elsewhere. Using a single passphrase to manage all your passwords means that you can have a different, secure password for each website you visit. Using a simple bookmark you can safely retrieve your passwords from anywhere in the world. Never be stuck without your passwords again!
GoSecure does not use a database to manage your passwords and your passphrase is never transmitted to anyone. This makes GoSecure safe to use from internet cafes and in other untrusted locations. You can even run the applets completely offline. GoSecure uses an algorithmic process to generate unique passwords based on the specific information about the service in question. The addition of pronouncable password generation means that GoSecure can also be used for things like telephone banking, where verbal security is required.
With GoSecure the only piece of information you need to remember is a single passphrase, from which all your passwords can be reproduced. However, care must be taken to ensure that the passphrase is not forgotten as there is no way to retrieve it, but because the same passphrase will be used for all your passwords, you will use it regularly and should therefore be less likely to forget it.
Using GoSecure does not stop you from managing your passwords using a secure 'wallet' and in fact this is encouraged when possible, as it avoids the need to retype your passphrase repeatedly. What GoSecure gives you is:
- A simple way to generate good quality passwords for websites and other services
- A secure mechanism to retrieve your passwords even when you are away from home
- An easy system for managing your passwords using a simple bookmark
Essentially the mechanism behind GoSecure is an algorithm for generating passwords from a given username, service string and passphrase. There is no infrastructure requirement and there is no reason that this algorithm cannot be implemented in other languages or for other Java profiles.
Currently this work is only a proof of concept. I have not yet decided on a license to go with the source and I am still considering the exact nature of the algorithms to use for password generation. If you do wish to use this version of GoSecure to manage your passwords then that's great and I will ensure that even if the main version changes, there will still be access to the original applets. If you are worried about managing your passwords from this site then you can simply download the current version and run it on your own site.