FusionKey released

FusionKey, just released in the Chrome and Firefox web stores, packs into a single icon all the power of PassLok and SynthPass. It makes a high-security password when you want to fill a password. It decrypts an encrypted message if there is one, and makes a new encrypted reply. It integrates with every web mail service in existence. And, like all my other apps, FusionKey is free.

It all started with this issue: sure, PassLok for Email is nice, but it only works with Gmail, Yahoo, and Outlook online; what if I want encrypted communication with people outside of those services? After all, if I only communicate within one service, then all data transfers are internal and not exposed to being intercepted the way they would be between two different services. The problem is that different email services have different interfaces, and integrating PassLok with a lot of them becomes a nightmare. Other encryption-based extensions, like Mailvelope for instance, already promise integration with pretty much any email service.

So I started work on a “PassLok Universal” extension much like PassLok for Email, but capable of integrating with many different web mail services. I looked to Mailvelope for inspiration, and this is what I found out: if you look at its code, Mailvelope actually doesn’t even try to integrate outside of the webmail “Big Three.” Somewhat discouraging, but also an opportunity. Fortunately, some of the page analysis tricks I used in SynthPass worked pretty well, and soon I had a prototype extension that found PassLok-encrypted material in a page and then opened PassLok in a popup to decrypt it. Encryption was merely a matter of detecting the presence of large input fields such as email compose and reply boxes.

Then it occurred to me that password input and email pages are completely different sorts of pages and it would be okay if the extension could also fill passwords like SynthPass does. Looking for a name, I thought of “FusionPass,” since the app was going to be the fusion of SynthPass and PassLok. I made a nifty icon that ended up looking like an F and also like a key, and then “FusionKey” was born, which is also easier to say and remember. I hope this isn’t very confusing.

So there you have it, FusionKey is both PassLok and SynthPass wrapped into one. Depending on where you are, clicking its icon opens one app or the other, using the same Master Key. The entire PassLok is included, not just a subset of its functions as in PassLok for Email. This means there is Anonymous encryption as well as signatures, splitting, and a number of text-hiding methods. The version of SynthPass included is also more powerful than ever, as now it has the ability to store (encrypted) user-generated passwords like all mainstream password managers while still avoiding the use of servers.

You can get FusionKey through these links:

Chrome extension: https://chrome.google.com/webstore/detail/fusionkey/legnppmlegkibpinfjodjbejohblaaam

Firefox addon: https://addons.mozilla.org/en-US/firefox/addon/fusionkey/

Enjoy!

7 thoughts to “FusionKey released”

  1. I can’t get FusionPass to work with changing my password on PayPal. For some reason it only fills in the second password box. So I went to https://synthpass.com/app/, put paypal.com as the name.suffix, with length 20 (max for PayPal), and this password works. But I have to use synthpass.com/app every time to log in. PayPal isn’t accepting whatever FusionPass is outputting, even though I used the same length = 20 parameter. And the address bar says https://www.paypal.com.

    1. Thanks for the feedback. Yes, some websites try hard to make things difficult. I’ll look into fixing things for PayPal on the next update.

      1. Strangely it does fill in all boxes now when I change my password. But PayPal will not allow me to log in with the new password. So I must continue to use synthpass.com/app.

        1. This may be because of special requirements on the length of the password or special characters. You can specify them through the “Length” box. The “Where are the Options” question on the Help tab tells you all about it.

  2. I’d like your advice on signing email to prevent scamming. We have a 100-yo NPO and a lot of our leaders’ emails are public. We’ve had scammers pretend to be the leaders of the group asking subordinates to purchase things (like Amazon gift cards) by way of email. I’d like for the leaders to use ‘signing’ to make sure emails sent out are authentic.

    What is the easiest way to do that without having to impose on the recipients to install software or use a particular email client?

    1. Of course, people usually fall for this simply because they don’t look hard at the sender’s address. But there’s also the situation where you get targeted and some “professional” sends the email from the “correct” address, which is possible since emails travel in the clear and can be intercepted and their metadata can be modified in transit. Asymmetric encryption or digital signing combats this, but then users must have obtained the senders’ public keys (“Locks” in FusionKey parlance) from a reputable source. Using additional software or an extension is unavoidable, since email clients do not yet support this (easily).
