gPass
Item media 1 screenshot

Overview

gPass : global password manager

gPass : global Password for Firefox and Chrome Introduction gPass is an online, open source and self hosted password manager. It helps you to have a different and complex password for every account you own while only remembering one (or multiple) passwords ! To have a high level of security, all information is stored encrypted (salt + AES 256-CBC). Nothing is stored on client. The decryption is done on the fly when it's needed and only with user input. So, a hacker can get your password database, it will not be able to see any information (except if it brute force or leak your masterkey) ! Thus it's important to choose a strong masterkey ! Usage First thing is configuration : 1) Enable the extension for private browsing 2) Install your server (see below), or use the demonstration one and create your accout 2) Go to extension options and configure your server address ("https://server name/account") 3) Populate your password database. You can use "*" character to access to all subdomains of a specific website (ie *.google.com). Then usage : When you're in a login form and you want to use gPass, type your login (case sensitive !) and fill "@@masterkey" in password field (only if gPass icon is green !). Then submit and password will automatically be replaced by the one in the database (after addon decrypt it). **You can also type "@_masterkey" to only replace your password without automatic submit. This allows to support more websites.** Another option is to enter your credentials in the new popup menu by clicking on gPass icon. If it's possible, gPass will auto fill password field, if not result password is stored into your clipboard. **Popup path is a safest method as website page will never see your masterkey.** ** Warning ** : Sometimes, addon could make some websites unusable, especially for login form. In this case, you can deactivate it for only one website by clicking right on gPass icon and "disable or enable gPass for this website" in addon menu. It's a local configuration, so it must be done for each browser. gPass can also be disabled for ALL websites thanks to addon menu "Disable or enable gPass for ALL websites". _When gPass is disabled, you can still use popup feature_. Server To host a password server, you need a webserver. Just copy server files in a directory read/write for web server user (www-data). A sample apache2 configuration file is available in resources. Since v0.8 and the use of Crypto API, **it's manadatory to have an HTTPS access (valid SSL/TLS certificate) to the server**. Without that, the decryption will fails. Configuration parameters are in conf.php A demonstration server is available [here](https://gpass-demo.soutade.fr). It's the default server configuration for fresh installed addon (user demo). **Warning** The master key derivation is partially based on account URL. So it's linked to your current server information. You can't move databases from servers with different URLs, you need to export them and import it again. **Server side is available [here](http://indefero.soutade.fr/p/gpass/downloads)** Client Just install the package. You can have debug information by setting DEBUG in main.js. License All the code is licensed under GPL v3. Source code is available [here](https://forge.soutade.fr/soutade/gPass). Privacy Policy Privacy Policy can be found at http://indefero.soutade.fr/p/gpass/source/tree/master/PrivacyPolicy.md

4.2 out of 54 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

A Chrome Web Store userMar 17, 2016

Great Development

0 out of 2 found this helpful
Review's profile picture

Jean FraugierSep 4, 2015

super

Details

  • Version
    1.3
  • Updated
    April 28, 2024
  • Offered by
    soutade
  • Size
    71.1KiB
  • Languages
    English
  • Developer
    Email
    soutade@gmail.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

gPass has disclosed the following information regarding the collection and usage of your data. More detailed information can be found in the developer's privacy policy.

gPass handles the following:

Authentication information

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Support

Related

Hack-Tools

4.7(23)

The all in one Red team extension for web pentester

UniquePasswordBuider

4.0(1)

A strong password generator per site

Intuitive Password®: Password Manager

5.0(3)

Intuitive Password® streamlines your web login experience, allowing you to access any website with just a single click.

Entropass

0.0(0)

Open-source decentralized maximum-security password manager

Hackers toolkit

4.1(25)

Quickly encode or decode string with a certain encryption or get the query for a certain web hacking method.

Passwords

0.0(0)

Generates strong passwords for you.

PassLok for Email

5.0(2)

High security encryption for email. PassLok is in no way associated with Gmail, Yahoo, or Outlook.

Hashword

4.6(5)

Generate a unique, secure password for every web site from one master password.

PwdHash port

4.7(61)

Pwdhash 1.7 for Chrome. Automatically generates per-site passwords if you prefix your password with @@ or F2.

Safe Password Generator

5.0(3)

Allows you to generate securely passwords using cryptographic approach W3C CryptoAPI.

FrustratedTech - Server Admin Tool

3.8(5)

Used to inspect the info about an IP or domain.

PwdFly

5.0(11)

Generate Secure Password on the fly.

Hack-Tools

4.7(23)

The all in one Red team extension for web pentester

UniquePasswordBuider

4.0(1)

A strong password generator per site

Intuitive Password®: Password Manager

5.0(3)

Intuitive Password® streamlines your web login experience, allowing you to access any website with just a single click.

Entropass

0.0(0)

Open-source decentralized maximum-security password manager

Hackers toolkit

4.1(25)

Quickly encode or decode string with a certain encryption or get the query for a certain web hacking method.

Passwords

0.0(0)

Generates strong passwords for you.

PassLok for Email

5.0(2)

High security encryption for email. PassLok is in no way associated with Gmail, Yahoo, or Outlook.

Hashword

4.6(5)

Generate a unique, secure password for every web site from one master password.

Google apps