Hacker News
Never forget your password again (Hashing) (getvau.lt)
9 points by marshallford on Nov 8, 2012 | 18 comments




I got a similar idea when I saw this link. But I think it would be better to have it as a browser extension that automatically hashes the password/passphrase for you, depending upon the site. Different salt for different website, that changes on the click of a button (to deal with enforced password expiration, or password changes), and maybe a different hashing algorithm for different levels of sites.


I don't know why you would want to use a different type of hashing. As for the changing passwords issue you could bump your sitename. For example...

site: 1twitter

site: bump-facebook

Just use a bumping method, it isn't the best... but it works. You could always change the number of characters around also.


Could use different passwords for different levels, no need for different hashing algorithms.

And it's pretty much the same thing isn't it - different salt vs bumping the site name.


Different levels still don't work when changing your password. If twitter made me change my password, it wouldn't increase or decrease on my level of importance scale.


The idea is to have one password, with a salt (or service name) for all services. To make it a little more secure, you could set up different levels - email and social, news sites, games..., basically any way you want to do it, and have a different passphrase for each level. When changing passwords, you just need to change the salt of that particular service.


A similar service was posted by someone else here yesterday. There is only one problem with this scheme of password generators and managers: you have to keep track of multiple key phrases when your password expires. If you are recording a keyphrase with the service name (two words) on a continuous basis, then you might as well use a local password manager to generate/record a password.


You can always bump your service name.

For example,

twitter#username facebook#username

to

twitter-username facebook-username


You will have to remember your naming scheme multiple times in a year and continuously in the future. People should be changing their password at least every three months. This password scheme wouldn't work in the long run.


This is actually pretty interesting.

Edit: - Is it open source? Shouldn't be hard to replicate, but I'm just wondering....



This looks very browser focused. I like this option mainly due to the ability to force the use of a symbol, uppercase, lowercase, and numbers so you don't have to worry about password requirements.
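Added example, not part of the thread and not getvau.lt's own code: a Python sketch of the scheme discussed above, where one master passphrase plus a site name and a bump counter (acting as the salt) yields the site password, with one character of every class forced in. PBKDF2-HMAC-SHA512, the iteration count, the symbol set and the name `derive_password` are assumptions.

```python
import hashlib
import string

# Character classes a site's password policy typically demands (constructed set).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_")
ALPHABET = "".join(CLASSES)
ITERATIONS = 100_000  # assumed work factor; slows offline guessing of the master phrase


def derive_password(master: str, site: str, bump: int = 0, length: int = 16) -> str:
    """Deterministically derive a per-site password from one master passphrase."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # The site name plus a bump counter acts as the salt: changing either
    # yields an unrelated password, which is how a forced rotation is handled.
    salt = f"{site.strip().lower()}#{bump}".encode()
    key = hashlib.pbkdf2_hmac("sha512", master.encode(), salt, ITERATIONS, dklen=4 * length)
    pool = int.from_bytes(key, "big")  # 32 bits of key material per output character

    def pick(n: int) -> int:
        # Consume part of the pool to choose an index in range(n).
        nonlocal pool
        pool, index = divmod(pool, n)
        return index

    # One character from each class first, so the policy is always met...
    chars = [cls[pick(len(cls))] for cls in CLASSES]
    # ...then fill the rest from the full alphabet.
    chars += [ALPHABET[pick(len(ALPHABET))] for _ in range(length - len(CLASSES))]
    # Key-driven Fisher-Yates shuffle so the forced characters are not always first.
    for i in range(length - 1, 0, -1):
        j = pick(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample passphrase
    print(derive_password(master, "twitter"))
    print(derive_password(master, "twitter", bump=1))  # after a forced change
```

Anyone who obtains one derived password can run the same function offline to guess the master passphrase, so the passphrase strength and the work factor carry the whole scheme.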


Nifty, although it's going to cause problems (or at least be harder to use) on sites that enforce password expiration and prevent re-use of previous passwords. But I use a proper password manager for those anyway.


A single "allow invalid certificate" mistake renders the whole thing useless though.


If someone does a man-in-the-middle attack on a clueless user, the user may accept an invalid certificate for your site because they are rushing through to go get one of their passwords. Offline password managers are better at mitigating the non-security-minded user problem.


Can you expand on that?


And give my password to you? Why is that better?




