HashPass is an unconventional password generator that hashes text and converts them to strong passwords
Password managers make our lives easier, and online identities a little safer. The best part is that they create complex passwords and you don't have to remember those. Password managers like KeePass come with excellent options to create unique strong passwords, but the same cannot be said for some of the password management solutions out there.
HashPass is a standalone program that has a transparent interface, with a virtual keyboard called the matrix. Use the mouse to select the letters. You need to set up a master password for encryption. The interface pops-up in random locations on the screen, as you click on the letters. The developer calls this the "dancing" keyboard. When not in use, the program is minimized to the system tray.
In case you aren't aware, there is a form of malware which observes keystrokes and uses it for malicious purposes (such as transmitting it to hackers), these are called keyloggers. HashPass bypasses the risks posed by keyloggers using its dancing keyboard, and avoiding the "SendKeys" input method used by normal keyboards. This also works with the mouse, since it supports drag-and-drop and this way it does not send the data to the clipboard.
HashPass does not save your passwords, even the master password isn't saved. Instead, the program relies on hashing the text into encrypted code, hence the name, HashPass. You can choose among four output formats: Letters, Numbers, Alphanumeric, and Special Characters.
Let's see how this works. Open Hashpass and set up a master password (I used ghacks), and click on the initialize button. Place the cursor in the test box and type something in it (even a single letter is enough). The content will be masked and appear as boxes. Click on the Generate button, and HashPass will minimize itself, and send the value to the clipboard.
Paste it anywhere, and you will see a randomized code. This becomes your password, that you can use with any website or service. We'll use the word test. HashPass hashes the text and creates a password like YVZVFCEDQZNDAMN.
Think of it as a translator that converts the text you type into a strong password. Since there is no database to save the passwords to, you will need to remember the content that you entered. For example, you could use the service's name or your username, as the reference word, this way you won't forget it.
What if someone guesses my reference word? Can they obtain my password? No, because the passwords generated by HashPass are tied to your master password. It acts as the key to decrypt and hash the value to display the output.
For example: Two people use the application. Each have a different master password. But they both enter the word "CAT" as the reference word, and the rest of the settings are the same. The generated passwords will be different, even though they used the same "text". If that doesn't reassure you, you can always include numbers, symbols, change the case of a few letters, or set the output to a different length, to strengthen the password even further.
HashPass will automatically minimize when you switch to a different window, and it will stop after the timer runs out. It is set to close after 10 minutes, though you can customize it. Similarly, the program clears the clipboard after 10 seconds, but you can change this as well.
You can define the length of the password that's generated. The only other options available in the program are auto paste, which as the name suggests inputs the created password automatically, and drag mode which is used for the drag-and-drop mode. The tray icon's color changes to indicate the clipboard status. Refer to the help file for screenshots of what the changes are.
Verdict
Hashpass is a good password manager, the interface and the help file make it appear intimidating. In reality, it is an extremely user-friendly, unique program. The fact that it does not rely on cloud based services, or even has a local database is a huge plus.
In Ashwin’s article, “Verdict: Hashpass is a good password manager” will be clearly stated, but this program is a “passwords generator”. Can generate a password, but there is no management function such as saving.
For more information, official website:
https://k43j7qqyaikm56je7foidqcomm–visualfantasy-mipropia-com.translate.goog/hash.htm
Ashwin’s article is useful in “Password Issues”, but for password managers (functions such as generation, operation and management), “KeePass Password Safe” and “Bitwarden” are the best choices.
https://www.ghacks.net/2020/10/30/webautotype-is-a-keepass-plugin-that-adds-support-for-autotype-url-matching/#comment-4476641
KeePass Password Safe | Home
https://keepass.info/index.html
First Steps Tutorial – KeePass | KeePass Help Center
https://keepass.info/help/base/firststeps.html
Master Key – KeePass | KeePass Help Center
https://keepass.info/help/base/keys.html
Plugins – KeePass | KeePass Plugins and Extensions
https://keepass.info/plugins.html
Reference information:
Surveillance Self-Defense | Tips, Tools and How-tos for Safer Online Communications | Electronic Frontier Foundation
https://ssd.eff.org/
If you are currently using a password manager software like 1Password, LastPass, Roboform, or iCloud Keychain, you should pick an alternative here:
https://www.privacytools.io/software/passwords/
Results of Bitwarden security audit published
https://www.ghacks.net/2018/11/13/results-of-bitwarden-security-audit-published/
As a supplement:
Introduction – KeePass | KeePass Help Center
https://keepass.info/help/base/index.html
Technical FAQ – KeePass | KeePass Help Center
https://keepass.info/help/base/faq_tech.html
Detailed information on the security of KeePass.
https://keepass.info/help/base/security.html
Obligatory reading for users of password generators basing on hashing master password (so called “deterministic password generators”): https://palant.info/2016/04/20/security-considerations-for-password-generators/
Considering that app you described isn’t even open source the probability of using some weak hash function is very high and beeter to avoid it.