GetMeKey .com
Your Ultimate Password Assistant
-
Simple: Remembering a single secret text is all you need.
-
Secure: Creates unique and unbreakable passwords for all your apps. GetMeKey NEVER transmits or shares any data.
-
Accessible: Use from any platform, even offline.
-
Transparent: Absolute transparency to ensure privacy is at the heart of GetMeKey.
-
Free: No payments, subscriptions, etc. GetMeKey is, and always will be, 100% free.
There are only two dilemmas in life: "What password should I use?" and "What should I use as a second option in my opening quote?". GetMeKey tackles the former.
There are a bunch of ways to manage your passwords. And all of them have some major drawbacks. Let’s mention some of them.
-
Have one single password for everything
-
Single compromised site is all it takes to hack all your accounts
-
-
Keep them in secured file or piece of paper
-
Hard drive or paper can be lost/stolen
-
Online file
-
Cloud: Trusting provider not being sneaky
-
Own hosting: Maintaining the server, making sure it’s accessible
-
-
Generally not easy to find password that you’re looking for
-
-
Use paid password management service
-
Do you really trust these companies?
-
You are being hostage to their subscription plans
-
-
Derive a password out of the app name
-
Similar to having a single password - with few more steps to crack it open
-
GetMeKey is inspired by the last option - with additional cryptographic steps.
Deducing password from app names, in a style of MyNetflixPassword123 is solid idea.
-
You just need to remember how you put it together
-
You don’t need to write it down anywhere
-
You can deduce it immediately, anywhere you are
The problem is, if some compromised or just careless app leaks it, it takes just a few tries, depending on how creative you were, to reverse-engineer it.
That’s where GetMeKey comes in. Combining your secret phrase with the name of the given application and running a cryptographic hash function on top of it, you get a password that:
-
Looks totally random
-
Cannot be reverse-engineered to get the original secret
-
Always gives you same result for the same secret and app combination
Cryptographic hash function is a mathematical algorithm, that you use hundreds of times every day: to establish your banking connection, verify downloaded file, talk privately to your friends in a messaging app, etc.
These functions are widely used and well-known. You can select from a bunch of them inside the GetMeKey. Once you know how all this fits together, you don’t even need GetMeKey to figure out your password - you can use any tool online that deals with cryptography (e.g. https://www.dcode.fr, https://monocalc.com, https://tools.keycdn.com, etc.) to do so.
To generate passwords using GetMeKey, all you need to do is remember your secret phrase. Type it in, add what app you want to get a password for, and, optionally, select a different hashing algorithm.
These steps can be sped up even more by enabling the Recall, Remember, or App Name Prefill functionalities.
A generated password is created by combining your secret with an app name and running it through a hash function. The result is a long pseudorandom text. This text cannot be traced back to the original input. This means, that if one of your generated passwords is leaked, it has no impact on the security of your other accounts.
Anything you write into GetMeKey never leaves your device - every password is generated directly on it. There is absolutely no communication with the outside world, no tracking, and no analytics.
GetMeKey runs in any browser, and there is no backend infrastructure - everything is done directly in the browser.
As long as you have a browser at hand, you can get to any of your passwords. It works even offline, after the first time you open it.
GetMeKey is built and served in such a way that anyone can see and review what it is doing. Every other application minimizes and packs its source code as tight as possible, so it loads faster, but the code becomes unreadable in the process.
GetMeKey works differently - it serves its source code without minimizing or repackaging, so anyone can review it in any DevTools. As the GetMeKey is fairly lightweight, the increased package size is negligible.
The whole idea of GetMeKey is to provide a user-friendly way to hash your secret together with the app name. GetMeKey runs solely on your device and doesn’t need anything else to function. So there is no need for heavy infrastructure - meaning no expenses, no reason to monetize.
GetMeKey is also open-source under ISC license - anyone can use, copy or share the whole code-base for no cost.
As with everything in life, nothing is perfect. But GetMeKey gets damn close! However, it’s fair to mention also these parts.
-
Passwords always have the same format: a fixed security prefix consisting of uppercase, lowercase, numbers, and special characters, followed by the password using only alphanumeric characters. If the app does not support this format, you’ll have to update the password manually.
-
You have to be precise and consistent with the names of the apps that you use. If just one of the letters is off, totally different password will be generated. If a given application is known by multiple names, you have to choose one - eg. x or twitter?
-
God forbid, you reveal your secret and all hashing steps to someone - this someone could then generate all your passwords as would you. However, this is a fundamental issue with any secured system or password manager: if an attacker knows what you know, you are out of luck.
There are two algorithms used in GetMeKey, that are not natively supported in modern browsers:
-
Scrypt
-
Argon2 (deprecated)
Libraries used in the production build of this project are imported directly into its file structure, instead of relying on package-manager.
As we are not using any bundler, it’s just easier to fix import issues manually.
Version: 2.0.1
GIT Hash: f0b3b674c4be7a81adc554a9972c03bfb28d4bed
Needed import fix: Added export to function
export function scrypt(password, salt, logN, r, dkLen, interruptStep, callback, encoding) {
This algorithm is deprecated, as it requires binary file dependency (.wasm) to function. This impacts the fundamental principle of GetMeKey - full transparency and ability to review live source code directly on the device.
Version: 1.18.0
GIT Hash: d73916b8efad2ef47140a52acd48b166a4ba97bf
Needed import fix: Change paths inside argon2.js (renamed to argon2-init.js) to reflect our folder structure
ISC License
Copyright 2024 GuyDea <info@getmekey.com>
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.