

Show HN:  Cryptasia - A Better Secure Password Website - karl_gluck
http://www.cryptasia.com
Hi everyone!  I've read HN for a while and am often inspired by the projects I see here, but this is my first time to submit something and get feedback, so it's pretty exciting. :)  My fiancee and I were inspired to create a secure password service after seeing the Vault (by James Coglan; https://getvau.lt/) posted here a couple weeks back.  We stayed up all night putting together Cryptasia and, now, finally think it's ready.<p>First:  What is Cryptasia?   It's a service that takes a website's name, your secret phrase, applies some hashing, and generates a unique password for that website.  By using Cryptasia, you can log in to any website requiring a username/password using just one single secret phrase.  Your password on every website will be unique and cryptographically unrelated to your secret phrase, so if one website is compromised--which seems to be happening a lot recently--you won't have to change your password on any other website.<p>Now we know what you might be thinking... great, what's the big deal about yet another password generator?  Why is it any better for keeping track of all your passwords than, say, KeePass, 1password, lastpass, or even Vault?<p>1  You'll never have to invent a password for any website.  Cryptasia knows which characters can and can't be used, which characters are required, and how long the password needs to be.  Using this, it automatically generates a password that meets the requirements.  We have a lot of services programmed in already, but with an account, adding new websites or changing a website's settings just takes modifying a line in a Google spreadsheet.<p>2  The website's name isn't actually used to create your password.  Instead, Cryptasia uses an associated key string.  By sharing key strings among the password settings for different websites such as youtube.com and gmail.com, you can log in to different sites that share an authentication service (in this case, Google's) but have different names.  The other benefit is that Cryptasia lets you change passwords for a website without changing your secret phrase.<p>3  Copying your password and logging in to another website is really streamlined.  We autocomplete the website name (including shortcuts, like "aws" for Amazon Web Services), and the "copy+go" button both copies the password to your clipboard and jumps you to the login page for whatever website you selected.  Try out Hacker News!<p>4  We don't store any personal information.  We don't even have a database!  You don't need to trust us in order to use Cryptasia--the source code is unminified and in plain sight.<p>5  Cryptasia shows an image based on your secret phrase, so you know you typed it correctly<p>6  It works great on mobile!  It was a huge pain, but we got copy+paste working for Safari, the Android default browser, Firefox mobile and Chrome mobile.<p>7  An account with us doesn't require you to remember yet another password.  That would be ironic.  Your account is based on data in a Google Spreadsheet, so the privacy settings of that spreadsheet will apply to your version of Cryptasia.  For example, my personal Cryptasia account is "crypt.asia/karlgluck".  I've left mine public so anyone can see it and, theoretically, use it to generate passwords--however, I can modify the spreadsheet at any time, so that probably wouldn't be a good idea.  Still, if I didn't want people to know at which websites I had accounts, I could make the spreadsheet private and it would be nonfunctional unless I was logged in to my Google account.<p>Speaking of, a Cryptasia account is free for the first month, but we have to set them up manually so it might take a little while for us to get yours going.<p>Let us know what you think!<p>Get started here:  http://crypt.asia
======
karl_gluck
Hi everyone! I've read HN for a while and am often inspired by the projects I
see here, but this is my first time to submit something and get feedback, so
it's pretty exciting. :) My fiancee and I were inspired to create a secure
password service after seeing the Vault (by James Coglan;
<https://getvau.lt/>) posted here a couple weeks back. We stayed up all night
putting together Cryptasia and, now, finally think it's ready.

First: What is Cryptasia? It's a service that takes a website's name, your
secret phrase, applies some hashing, and generates a unique password for that
website. By using Cryptasia, you can log in to any website requiring a
username/password using just one single secret phrase. Your password on every
website will be unique and cryptographically unrelated to your secret phrase,
so if one website is compromised--which seems to be happening a lot recently--
you won't have to change your password on any other website.

Now we know what you might be thinking... great, what's the big deal about yet
another password generator? Why is it any better for keeping track of all your
passwords than, say, KeePass, 1password, lastpass, or even Vault?

1 You'll never have to invent a password for any website. Cryptasia knows
which characters can and can't be used, which characters are required, and how
long the password needs to be. Using this, it automatically generates a
password that meets the requirements. We have a lot of services programmed in
already, but with an account, adding new websites or changing a website's
settings just takes modifying a line in a Google spreadsheet.

2 The website's name isn't actually used to create your password. Instead,
Cryptasia uses an associated key string. By sharing key strings among the
password settings for different websites such as youtube.com and gmail.com,
you can log in to different sites that share an authentication service (in
this case, Google's) but have different names. The other benefit is that
Cryptasia lets you change passwords for a website without changing your secret
phrase.

3 Copying your password and logging in to another website is really
streamlined. We autocomplete the website name (including shortcuts, like "aws"
for Amazon Web Services), and the "copy+go" button both copies the password to
your clipboard and jumps you to the login page for whatever website you
selected. Try out Hacker News!

4 We don't store any personal information. We don't even have a database! You
don't need to trust us in order to use Cryptasia--the source code is
unminified and in plain sight.

5 Cryptasia shows an image based on your secret phrase, so you know you typed
it correctly

6 It works great on mobile! It was a huge pain, but we got copy+paste working
for Safari, the Android default browser, Firefox mobile and Chrome mobile.

7 An account with us doesn't require you to remember yet another password.
That would be ironic. Your account is based on data in a Google Spreadsheet,
so the privacy settings of that spreadsheet will apply to your version of
Cryptasia. For example, my personal Cryptasia account is
"crypt.asia/karlgluck". I've left mine public so anyone can see it and,
theoretically, use it to generate passwords--however, I can modify the
spreadsheet at any time, so that probably wouldn't be a good idea. Still, if I
didn't want people to know at which websites I had accounts, I could make the
spreadsheet private and it would be nonfunctional unless I was logged in to my
Google account.

Speaking of, a Cryptasia account is free for the first month, but we have to
set them up manually so it might take a little while for us to get yours
going.

Let us know what you think!

Get started here: <http://crypt.asia>

