In practice, users tend to reuse passwords, or make trivial changes to existing passwords to create new ones, and use them across different sites because they are easier to remember. Creating a secure password for every site has therefore become a daunting task. To address this, PwdFly is available as a Chrome extension, a website and an Android app that help users create secure passwords based on a Master Password, with the site's URL as the key for that website. PwdFly generates site-specific secure passwords from the user's Master Password, the website's URL, the user's email address and a version for the password. The Master Password is the secret, the URL acts as the index, and the email address concatenated with the URL acts as the salt. The version is used to generate a new password for a particular website without requiring the user to change the Master Password. PwdFly uses Scrypt as the one-way function, which also serves as the key-stretching algorithm. The password generated by PwdFly is between 12 and 16 characters long and contains uppercase characters, lowercase characters, numbers and special characters, and hence the generated site-specific passwords are compliant with every possible password policy.


>> PwdFly uses Scrypt to generate passwords. Scrypt is resistant against brute-force attacks. Passwords generated by PwdFly are random and contain a mix of all combinations.

>> Version Control is a new feature implemented in PwdFly that allows users to generate new passwords without changing the Master Password.

>> It combines the URL of the site and the email address of the user, which is unique in all cases, to generate the salt for the Master Password.

>> PwdFly never stores the Master Password anywhere and hence it is not vulnerable to attacks that occur due to lack of encryption, not adding salt, etc. It just generates the site-specific password on the client side.

>> The source code is publicly available and hence users need not trust the software blindly. It's always going to be free software.

>> It's omnipresent, as it is available as an extension, a website and an Android app. It requires no internet connection.

>> The extension places the password directly into the password field of the website for which the password is being generated. This prevents users from copying passwords to the clipboard or sticky notes.

>> Generalisation of URLs has been implemented. Irrespective of the different login links a website has, it generalizes the URL, considering only the domain name and excluding the extension. For example: it strips the URL to Facebook for login links like,

>> PwdFly is purely a client-side application, as it uses a JavaScript implementation of Scrypt. Master Passwords are never sent over the network and are not vulnerable to MITM attacks.
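
A sketch of the derivation described above, added here as an example and not taken from PwdFly's source. The scrypt cost parameters, the way the version is mixed into the salt, the character sets and the byte-to-character mapping are assumptions, as are the names `generaliseUrl` and `sitePassword`.

```javascript
// Added illustration of a deterministic, scrypt-based site password (Node.js).
const { scryptSync } = require('node:crypto');

// Assumed character classes; the page only says all four kinds appear.
const CLASSES = [
  'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  'abcdefghijklmnopqrstuvwxyz',
  '0123456789',
  '!@#$%^&*-_=+',
];
const ALL = CLASSES.join('');

// Reduce any login link to the domain name without its extension.
// Simplification: takes the second-to-last host label, so multi-part
// suffixes such as .co.uk are not handled.
function generaliseUrl(url) {
  const withScheme = url.includes('://') ? url : 'https://' + url;
  const labels = new URL(withScheme).hostname.toLowerCase().split('.');
  return labels.length > 1 ? labels[labels.length - 2] : labels[0];
}

function sitePassword(master, url, email, version) {
  const site = generaliseUrl(url);
  // Salt = email concatenated with the URL (from the page).
  // Appending the version to the salt is an assumption.
  const salt = `${email}${site}:${version}`;
  // Assumed cost parameters; the page does not state PwdFly's values.
  const key = scryptSync(master, salt, 64, { N: 16384, r: 8, p: 1 });

  const length = 12 + (key[0] % 5); // 12..16 characters
  const chars = [];
  // One character per class first, so every class is guaranteed to appear.
  // (byte % n has a small modulo bias, accepted here for brevity.)
  CLASSES.forEach((set, i) => chars.push(set[key[1 + i] % set.length]));
  for (let i = chars.length; i < length; i++) {
    chars.push(ALL[key[1 + i] % ALL.length]);
  }
  // Deterministic Fisher-Yates shuffle driven by later key bytes,
  // so the guaranteed characters do not sit at fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = key[32 + i] % (i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}
```

Because nothing is stored, the same four inputs must reproduce the same password on every device, and incrementing the version yields an unrelated password for the same site.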
