A password generator for website logins based on a single, private passphrase. This is a self-contained, statically compiled application which runs on the command line or as a simple gui, and does not require an internet connection.




This project is inspired by oneshallpass but is written in Go instead of JavaScript, and runs as a self-contained, statically compiled binary, either on the command line or as a gui, instead of in a web browser.

The technical implementation is similar, i.e., it applies HMAC-SHA512 to a combination of the host, username, generator and indicator numbers, but it uses scrypt instead of PBKDF2 to derive the shared private key (dk) value from the passphrase.
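
The derivation described above, as an added Python sketch (Python's standard library includes scrypt); it is not the project's own Go code and will not reproduce its passwords. The scrypt parameters, the username as salt, the NUL-separated message layout, the base64 encoding, the character policy and the reading of the indicator as a retry counter are all assumptions.

```python
import base64
import hashlib
import hmac

# Assumed scrypt cost parameters; the page does not state the tool's values.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def derive_key(passphrase: str, user: str) -> bytes:
    """Stretch the passphrase into dk with scrypt (username as salt is assumed)."""
    return hashlib.scrypt(passphrase.encode(), salt=user.encode(),
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                          maxmem=64 * 1024 * 1024, dklen=64)


def acceptable(candidate: str) -> bool:
    """Constructed policy: at least one upper-case, one lower-case, one digit."""
    return (any(c.isupper() for c in candidate)
            and any(c.islower() for c in candidate)
            and any(c.isdigit() for c in candidate))


def site_password(dk: bytes, host: str, user: str,
                  generation: int = 1, plen: int = 16) -> str:
    """HMAC-SHA512 keyed by dk over host, user, generation and indicator."""
    for indicator in range(1000):
        # NUL-separated fields (assumed layout) keep "ab"+"c" distinct from "a"+"bc".
        msg = "\0".join([host, user, str(generation), str(indicator)]).encode()
        digest = hmac.new(dk, msg, hashlib.sha512).digest()
        text = base64.b64encode(digest).decode()
        candidate = "".join(c for c in text if c.isalnum())[:plen]
        if len(candidate) == plen and acceptable(candidate):
            return candidate
    raise ValueError("no candidate met the policy; plen may be too large or too small")


if __name__ == "__main__":
    # Constructed inputs taken from the usage example on this page.
    dk = derive_key("close introduced when lunch", "me@example.com")
    print(site_password(dk, "example.org", "me@example.com"))
    print(site_password(dk, "example.net", "me@example.com"))  # differs per host
```

Because nothing is stored, the passphrase is the only secret: anyone who learns it can recompute every site password, which is why the memory-hard scrypt step matters.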

Building and Installing

This program now comes in two versions, a command line interface (cli), and a graphical user interface (gui).

In order to build the gui version, you will need this library (optional):

$ go get github.com/mattn/go-gtk/gtk

Note that go-gtk requires that the GTK-Development packages for your system are already installed.

Next, import these two repositories (required):

$ go get github.com/howeyc/gopass
$ go get github.com/dpapathanasiou/go-one-password

Use the Makefile to build either or both versions:

$ make all # build both the cli and gui versions
$ make cli # build just the cli version
$ make gui # build just the gui version

Command Line Interface Version

The resulting binary is go-one-password-cl.

Update your $PATH to include the folder where go-one-password-cl was built, and add a shorter alias, if you prefer (e.g., "g1p", assuming that doesn't conflict with anything on your system).

Graphical User Interface Version

The resulting binary is go-one-password-ui.

You can add a launcher from your desktop menu to run it that way, if you prefer.


The core idea is that by remembering just one quality passphrase (known only by you), you can generate unique and secure passwords for multiple website logins.

There are many different ways of selecting a quality passphrase, but if you cannot come up with one on your own, there are several free sites which can pick one for you.

Once you settle on a passphrase, just make sure you commit it to memory; it's not stored anywhere by this code, and if lost or forgotten, is unrecoverable.

Command Line Interface Version

If you forget how to use go-one-password-cl, type it (or whatever alias you've used for it) at a shell prompt, followed by "-help":

$ g1p -help
Usage of g1p:
  -host="": (required) the website you want to login to (e.g. "amazon.com")
  -plen=16: (optional) set the resulting password length (the default is 16)
  -spec="": (optional) if the website requires one or more "special" characters in the password (e.g., "#%*" etc.) specify one or more of them here
  -user="": (required) the username or email address you use to login

Usage Examples

Here's how to use it in practice. The passphrase is requested in an interactive prompt rather than taken from a command line argument, so that it is not saved in your shell history by accident.

Note that while the passphrase is hidden on Mac OS X, Windows and Linux systems, it may appear as viewable text on other operating systems. To keep the passphrase text hidden on such systems, use the gui version instead.

$ g1p -host example.org -user me@example.com
What's your passphrase? (or ctrl-c to quit) close introduced when lunch
Your password for example.org logging in as user me@example.com is:


This is another example, for when the site requires one or more "special" characters:

$ g1p -host example.org -user me@example.com -spec="#%"
What's your passphrase? (or ctrl-c to quit) close introduced when lunch
Your password for example.org logging in as user me@example.com is:


Graphical User Interface Version

The gui version supports all the same features as the cli version, with the additional benefit that it hides the passphrase by default:

Passphrases can be made visible if desired, and "special" characters work too: