UseFacil is Simple web tool for generating multiple secure passwords for your favorite online services or websites using a memorable master password of your choice.
This script operates directly in your browser using JavaScript, ensuring that no passwords are stored or collected in any way. You can find the source code on GitHub at password-generator, where you can experiment with it.
Number(eg. 123..)
Alphabets lowercase(eg. abc...)
Alphabets uppercase(eg. ABC...)
Symbols
To prevent your passwords from being hacked by social engineering, brute force or dictionary attack method,
and keep your online accounts safe, you should notice that:
1. Do not use the same password, security question and answer for multiple important accounts.
2. Use
a password that has at least 16 characters, use at least one number, one uppercase letter, one lowercase
letter and one special symbol.
3. Do not use the names of your families, friends or pets in your
passwords.
4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social
security numbers, and so on in your passwords.
5. Do not use any dictionary word in your passwords.
Examples of strong passwords: ePYHc~dS*)8$+V-' , qzRtC{6rXN3N\RgL , zbfUMZPE6`FC%)sZ. Examples of weak
passwords: qwert12345, Gbt3fC79ZmMEFUFJ, 1234567890, 987654321, nortonpassword.
6. Do not use two or
more similar passwords which most of their characters are same, for example, ilovefreshflowersMac,
ilovefreshflowersDropBox, since if one of these passwords is stolen, then it means that all of these
passwords are stolen.
7. Do not use something that can be cloned( but you can't change ) as your
passwords, such as your fingerprints.
8. Do not let your Web browsers( FireFox, Chrome, Safari,
Opera, IE, Microsoft Edge ) to store your passwords, since all passwords saved in Web browsers can be
revealed easily.
9. Do not log in to important accounts on the computers of others, or when connected
to a public Wi-Fi hotspot, Tor, free VPN or web proxy.
10. Do not send sensitive information online
via unencrypted( e.g. HTTP or FTP ) connections, because messages in these connections can be sniffed with
very little effort. You should use encrypted connections such as HTTPS, SFTP, FTPS, SMTPS, IPSec whenever
possible.
11. When travelling, you can encrypt your Internet connections before they leave your
laptop, tablet, mobile phone or router. For example, you can set up a private VPN with protocols like
WireGuard( or IKEv2, OpenVPN, SSTP, L2TP over IPSec ) on your own server( home computer, dedicated server or
VPS ) and connect to it. Alternatively, you can set up an encrypted SSH tunnel between your computer and
your own server and configure Chrome or FireFox to use socks proxy. Then even if somebody captures your data
as it is transmitted between your device( e.g. laptop, iPhone, iPad ) and your server with a packet sniffer,
they'll won't be able to steal your data and passwords from the encrypted streaming data.
12. How
secure is my password? Perhaps you believe that your passwords are very strong, difficult to hack. But if a
hacker has stolen your username and the MD5 hash value of your password from a company's server, and the
rainbow table of the hacker contains this MD5 hash, then your password will be cracked quickly. To check the
strength of your passwords and know whether they're inside the popular rainbow tables, you can convert your
passwords to MD5 hashes on a MD5 hash generator, then decrypt your passwords by submitting these hashes to
an online MD5 decryption service. For instance, your password is "0123456789A", using the brute-force
method, it may take a computer almost one year to crack your password, but if you decrypt it by submitting
its MD5 hash( C8E7279CD035B23BB9C0F1F954DFF5B3 ) to a MD5 decryption website, how long will it take to crack
it? You can perform the test yourself.
13. It's recommended to change your passwords every 10 weeks.
14. It's recommended that you
remember a few master passwords, store other passwords in a plain text file and encrypt this file with
7-Zip, GPG or a disk encryption software such as BitLocker, or manage your passwords with a password
management software.
15. Encrypt and backup your passwords to different locations, then if you lost
access to your computer or account, you can retrieve your passwords back quickly.
16. Turn on 2-step
authentication whenever possible.
17. Do not store your critical passwords in the cloud.
18.
Access important websites( e.g. Paypal ) from bookmarks directly, otherwise please check its domain name
carefully, it's a good idea to check the popularity of a website with Alexa toolbar to ensure that it's not
a phishing site before entering your password.
19. Protect your computer with firewall and antivirus
software, block all incoming connections and all unnecessary outgoing connections with the firewall.
Download software from reputable sites only, and verify the MD5 / SHA1 / SHA256 checksum or GPG signature of
the installation package whenever possible.
20. Keep the operating systems( e.g. Windows 7, Windows
10, Mac OS X, iOS, Linux ) and Web browsers( e.g. FireFox, Chrome, IE, Microsoft Edge ) of your devices(
e.g. Windows PC, Mac PC, iPhone, iPad, Android tablet ) up-to-date by installing the latest security
update.
21. If there are important files on your computer, and it can be accessed by others, check if
there are hardware keyloggers( e.g. wireless keyboard sniffer ), software keyloggers and hidden cameras when
you feel it's necessary.
22. If there are WIFI routers in your home, then it's possible to know the
passwords you typed( in your neighbor's house ) by detecting the gestures of your fingers and hands, since
the WIFI signal they received will change when you move your fingers and hands. You can use an on-screen
keyboard to type your passwords in such cases, it would be more secure if this virtual keyboard( or soft
keyboard ) changes layouts every time.
23. Lock your computer and mobile phone when you leave
them.
24. Encrypt the entire hard drive with VeraCrypt, FileVault, LUKS or similar tools before
putting important files on it, and destroy the hard drive of your old devices physically if it's
necessary.
25. Access important websites in private or incognito mode, or use one Web browser to
access important websites, use another one to access other sites. Or access unimportant websites and install
new software inside a virtual machine created with VMware, VirtualBox or Parallels.
26. Use at least
3 different email addresses, use the first one to receive emails from important sites and Apps, such as
Paypal and Amazon, use the second one to receive emails from unimportant sites and Apps, use the third one(
from a different email provider, such as Outlook and GMail ) to receive your password-reset email when the
first one( e.g. Yahoo Mail ) is hacked.
27. Use at least 2 differnet phone numbers, do NOT tell
others the phone number which you use to receive text messages of the verification codes.
28. Do not
click the link in an email or SMS message, do not reset your passwords by clicking them, except that you
know these messages are not fake.
29. Do not tell your passwords to anybody in the email.
30.
It's possible that one of the software or App you downloaded or updated has been modified by hackers, you
can avoid this problem by not installing this software or App at the first time, except that it's published
to fix security holes. You can use Web based apps instead, which are more secure and portable.
31. Be careful when using online paste tools and screen capture tools, do not let them to upload
your passwords to the cloud.
32. If you're a webmaster, do not store the users passwords, security
questions and answers as plain text in the database, you should store the salted ( SHA1, SHA256 or SHA512
)hash values of of these strings instead. It's recommended to generate a unique random salt string for each
user. In addition, it's a good idea to log the user's device information( e.g. OS version, screen
resolution, etc. ) and save the salted hash values of them, then when he/she try to login with the correct
password but his/her device information does NOT match the previous saved one, let this user to verify
his/her identity by entering another verification code sent via SMS or email.
33. If you are a
software developer, you should publish the update package signed with a private key using GnuPG, and verify
the signature of it with the public key published previously.
34. To keep your online business safe,
you should register a domain name of your own, and set up an email account with this domain name, then
you'll not lose your email account and all your contacts, since your can host your mail server anywhere,
your email account can't be disabled by the email provider.
35. If an online shopping site only
allows to make payment with credit cards, then you should use a virtual credit card instead.
36.
Close your web browser when you leave your computer, otherwise the cookies can be intercepted with a small
USB device easily, making it possible to bypass two-step verification and log into your account with stolen
cookies on other computers.
37. Distrust and remove bad SSL certificates from your Web browser,
otherwise you will NOT be able to ensure the confidentiality and integrity of the HTTPS connections which
use these certificates.
38. Encrypt the entire system partition, otherwise please disable the
pagefile and hibernation functions, since it's possible to find your important documents in the pagefile.sys
and hiberfil.sys files.
39. To prevent brute force login attacks to your dedicated servers, VPS
servers or cloud servers, you can install an intrusion detection and prevention software such as LFD( Login
Failure Daemon ) or Fail2Ban.
40. If it's possible, use cloud based software instead of install the
software on your local device, since there are more and more supply-chain attacks which will install
malicious application or update on your device to steal your passwords and gain access to top secret
data.
41. It's a good idea to generate the MD5 or SHA1 checksums of all files on your computer( with
software like MD5Summer ) and save the result, then check the integrity of your files( and find trojan files
or programs with backdoor injected ) every day by comparing their checksums with the result saved
previously.
42. Each large company should implement and apply an Artificial Intelligence-based
intrusion detection system( including network behavior anomaly detection tools ).
43. Allow only IP
addresses that are whitelisted to connect to or log into the important servers and computers.
Please follow above instructions of UseFacil.
We do not store any passwords.
Your privacy is important to us. It is UseFacil's policy to respect your privacy regarding any information we may collect from you across our website UseFacil, and other sites we own and operate.
We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.
We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification.
We don’t share any personally identifying information publicly or with third-parties, except when required to by law.
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.
You are free to refuse our request for your personal information, understanding that we may not be able to provide you with some of your desired services.
Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us.
The user commits to make appropriate use of the contents and information that UseFacil offers on the website and with an enunciative but not limiting character:
We hope this is clear, and as previously mentioned, if there is something that you aren't sure whether you need or not, it's generally safer to leave cookies enabled in case it interacts with one of the features you use on our site.
This policy is effective from March 15, 2024, at 18:12.
By accessing the UseFacil website, you agree to comply with these terms of service, all applicable laws, and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.
Permission is granted to temporarily download one copy of the materials (information or software) on the UseFacil website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license, you may not:
This license shall automatically terminate if you violate any of these restrictions and may be terminated by UseFacil at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.
In no event shall UseFacil or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on UseFacil, even if UseFacil or a UseFacil authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
The materials appearing on the UseFacil website could include technical, typographical, or photographic errors. UseFacil does not warrant that any of the materials on its website are accurate, complete, or current. UseFacil may make changes to the materials contained on its website at any time without notice. However, UseFacil does not make any commitment to update the materials.
UseFacil has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by UseFacil of the site. Use of any such linked website is at the user's own risk.
UseFacil may revise these terms of service for its website at any time without notice. By using this website, you are agreeing to be bound by the then current version of these terms of service.
These terms and conditions are governed by and construed in accordance with the laws of UseFacil and you irrevocably submit to the exclusive jurisdiction of the courts in that state or location.
UseFacil is a free website that brings together several online tool involving generate password, is Simple web tool for generating multiple secure passwords for your favorite online services or websites using a memorable master password of your choice.!
All information provided on this website, UseFacil Free Online Tools and Apps, is for educational and informational purposes only. We strive to keep the information up to date and correct, but we make no warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website. website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of the use of or in connection with this website.
Through this website, you may access other websites that are not under the control of UseFacil Free Online Tools and Applications. We have no control over the nature, content and availability of these sites. The inclusion of any links does not necessarily imply a recommendation or endorsement of the views expressed within them.
Every effort is made to keep the site running smoothly. However, UseFacil Free Online Tools and Apps is not responsible for the site being temporarily unavailable due to technical issues beyond our control.
Use of this site constitutes acceptance of the terms of this disclaimer. If you do not agree to these terms, please do not use our website.
For any questions or concerns about our disclaimer, please contact us.