Passwords are the main authentication method on almost all current websites. They are easy to implement (from the website owner's point of view); however, the user must balance several conflicting goals to stay safe:
- Passwords should be long
- The user must be able to remember the password
- It should not be composed of words that can be found in a dictionary
- It should be different for every website / location, so that if one location is compromised, the attacker cannot use the obtained password to log in elsewhere.
- It can generate passwords of any length and complexity so you can tune it to what a site is able to accept.
- The generated password is completely deterministic (given the same inputs and settings, it will always generate the same output). However, it is very unlikely that somebody could determine the master password from the output, even if the modifier is known, since the generation is based on the SHA1 algorithm.
Stay safe. And remember, you can always use the random password generator to generate secure passwords which fit your needs.
One final remark. You might ask: why is this hosted on a free server? And isn’t using the bookmarklet a privacy risk, since it tells the server which page I want to generate the password for? The answer is: I use a free server because I currently don’t have money to pay for a hosting service. Because this runs 100% client side (and again, you can look at the source to make sure of this), there is no data transmitted back to the server which would compromise your security. As for the case when you use the bookmarklet to show a prepopulated version of the page: the server again only sees the fact that you are requesting the page; anything after the # sign isn’t sent to the server, but rather interpreted by the browser.
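
The two technical points above, deterministic generation from a master password plus modifier and the fact that the URL fragment never reaches the server, can be seen together in the following added example. It is not the generator's own source: the HMAC-SHA1 counter construction, the function names, the character classes and the `generator.example` URL are all assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Character classes the caller can combine to match a site's password rules.
const CLASSES = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digit: "0123456789",
  symbol: "!#$%&*+-=?@_",
};

// Deterministic byte stream: HMAC-SHA1(master, modifier || counter), block by block.
// (Assumed construction; the page only says generation is based on SHA1.)
function* keystream(master, modifier) {
  for (let counter = 0; ; counter++) {
    const block = crypto.createHmac("sha1", master)
      .update(`${modifier}\u0000${counter}`).digest();
    yield* block;
  }
}

// Map the stream onto the alphabet with rejection sampling so no character is favoured.
function generatePassword(master, modifier, length = 16, classes = ["lower", "upper", "digit"]) {
  const alphabet = classes.map((c) => CLASSES[c]).join("");
  if (!master || !alphabet || length < 1) throw new Error("bad settings");
  const limit = 256 - (256 % alphabet.length); // bytes >= limit would bias the result
  let out = "";
  for (const byte of keystream(master, modifier)) {
    if (byte >= limit) continue;
    out += alphabet[byte % alphabet.length];
    if (out.length === length) break;
  }
  return out;
}

// Split a bookmarklet-style URL into the part the request carries and the part the browser keeps.
function splitRequest(href) {
  const url = new URL(href);
  return {
    sentToServer: url.pathname + url.search,
    keptInBrowser: decodeURIComponent(url.hash.slice(1)),
  };
}

// Constructed sample: the host name and the fragment format are placeholders.
const sample = splitRequest("https://generator.example/pwgen.html#mail.example.org");
console.log(sample, generatePassword("correct horse battery", sample.keptInBrowser, 20));
```

SHA1 is fast to compute, so in a scheme like this the resistance to offline guessing rests on the strength of the master password; swapping the HMAC step for a deliberately slow key-derivation function such as PBKDF2 raises the cost of each guess.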