You've probably heard or been told that you should use a different password for each website that you use and that the passwords should be complex and non-guessable. But remembering all of those passwords is not something that most of us are capable of.
TwistPass is a free tool that lets you have a different password for each website that you use, while only having to remember one of them.
TwistPass takes 2 pieces of data, your one memorised password and the domain name of a website, and puts them through a one-way mathematical algorithm to produce a unique result, which is a password that you can use for that website. Each time you enter your memorised password and the same domain name, TwistPass will produce exactly the same result. This means that although it never stores any of your data, it can always regenerate any of your passwords for you.
The algorithm is mathematically irreversible, meaning that if you log in to a malicious website, they can't use the generated password that you give them to calculate what your master password is. However, they could still use a process of trial and error in which they keep entering guesses of your master password into TwistPass until they get a result which matches the generated password that you gave them. It is for this reason that your master password should be long and obscure. See our password tips for help.
Each time you find yourself signing up to yet another website and you need a password, use TwistPass to generate you a unique password for that site using your master password. Then each time you need to log into that site, just return to TwistPass, enter your master password and the name of the site, and it will tell you what your password for that site is. You will have the security benefit of having a different password for every website that you use, but you will only ever have to remember your one master password.
Some websites require your password to fit certain criteria. TwistPass guarantees that each password it generates for you will contain at least 1 uppercase letter, 1 lowercase letter, 1 digit and 1 punctuation character. However, because TwistPass never remembers your generated passwords, it cannot alter them to meet other arbitrary criteria.
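The sketch below is an added example, not TwistPass's own code or algorithm: it shows one way a stateless generator can turn a master password and a domain into a repeatable password that always contains all four character classes. The choice of PBKDF2-HMAC-SHA256 and SHAKE-256, the iteration count, the punctuation set and the names `site_password` and `classes_present` are all assumptions made for illustration.

```python
import hashlib
import string

# Assumed character classes; the punctuation set is an illustrative choice.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!#$%&*+-=?@_")
ALPHABET = "".join(CLASSES)


def site_password(master: str, domain: str, length: int = 16,
                  iterations: int = 200_000) -> str:
    """Deterministically derive a per-site password; nothing is stored."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character from each class")
    if not master or not domain.strip():
        raise ValueError("master password and domain are both required")
    # Normalise the domain so "Example.COM " and "example.com" agree.
    salt = domain.strip().lower().encode("utf-8")
    # Slow one-way step: each guess of the master password costs
    # `iterations` HMAC-SHA256 rounds, which throttles trial and error.
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              iterations, dklen=32)
    # Expand the key into 32-bit draws (modulo bias is negligible here).
    stream = hashlib.shake_256(key).digest(4 * 2 * length)
    draws = (int.from_bytes(stream[i:i + 4], "big")
             for i in range(0, len(stream), 4))
    # One character from every class first, the rest from the full alphabet.
    chars = [cls[next(draws) % len(cls)] for cls in CLASSES]
    chars += [ALPHABET[next(draws) % len(ALPHABET)]
              for _ in range(length - len(CLASSES))]
    # Deterministic Fisher-Yates shuffle so the guaranteed characters do not
    # always sit in the first four positions.
    for i in range(length - 1, 0, -1):
        j = next(draws) % (i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def classes_present(password: str) -> bool:
    """True when every character class appears at least once."""
    return all(any(c in cls for c in password) for cls in CLASSES)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for site in ("example.com", "example.org"):
        print(site, site_password("correct horse battery staple", site))
```

Raising `iterations` makes every trial-and-error guess of the master password proportionally more expensive, but it does not remove the need for a long, obscure master password.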
In short, you're screwed. If you're afraid that you'll forget your master password then perhaps don't change your email password to use TwistPass just yet. You can usually reset your password for most accounts by asking for a password reset link to be emailed to you. So keeping your existing email password until you've fully memorised your master password should avoid any dire problems.
It's worth noting that because you enter your master password into TwistPass each time you generate a password for an account, you will type it a lot of times, and will therefore become very familiar with it.
Let's assume that you use the same password for everything: your email, social media accounts, online shopping accounts, the lot. Assuming that you sign up for most of those accounts using your email address, that means that your login details for each account are identical. So it only takes one of those websites to either be malicious, or to get hacked in a way that allows attackers to steal users' passwords, and your login details for all of your accounts are now stolen.
You may also like to read about Ways in which your password can be stolen. The bottom line is, you should use a different password for every website that you use.
We never transfer any of your data to our servers. Don't believe us? Go to the Generator page and then turn off your wifi/data connection - it still works!
Still don't believe us? If you (or someone you know) can understand HTML and JavaScript code then you can inspect the source code of the site. For ease of viewing, you can find the code on GitHub.
It may be that some of the services that you use require you to change your password after a certain amount of time. If this is the case then with TwistPass you essentially have 2 choices: you can either amend the generated password, or you can use a different master password which will generate completely different passwords for you.
Given that rotating your passwords regularly is a good idea anyway, you might consider changing your master password once a year. This will mean that the generated passwords will all change, and so you will need to change the passwords for all of your accounts accordingly, but you could change them gradually as you log into each one, slowly transitioning to your new master password.