FusionKey, just released in the Chrome and Firefox web stores, packs into a single icon all the power of PassLok and SynthPass. It makes a high-security password when you want to fill a password. It decrypts an encrypted message if there is one, and makes a new encrypted reply. It integrates with every web mail service in existence. And, like all my other apps, FusionKey is free.
It all started with this issue: sure, PassLok for Email is nice, but it only works with Gmail, Yahoo, and Outlook online; what if I want encrypted communicate with people outside of those services? After all, if I only communicate within one service, then all data transfers are internal and not exposed to being intercepted the way they would be between two different services. The problem is that different email services have different interfaces, and integrating PassLok with a lot of them becomes a nightmare. Other encryption-based extensions, like Mailvelope for instance, already promise integration with pretty much any email service.
So I started work on a “PassLok Universal” extension much like PassLok for Email, but capable of integrating with many different web mail services. I looked to Mailvelope for inspiration, and this is what I found out: if you look at its code, Mailvelope actually doesn’t even try to integrate outside of the webmail “Big Three.” Somewhat discouraging, but also an opportunity. Fortunately, some of the page analysis tricks I used in SynthPass worked pretty well, and soon I had a prototype extension that found PassLok-encrypted material in a page and then opened PassLok in a popup to decrypt it. Encryption was merely a matter of detecting the presence of large input fields such as email compose and reply boxes.
Then it occurred to me that password input and email pages are completely different sorts of pages and it would be okay if the extension could also fill passwords like SynthPass does. Looking for a name, I thought of “FusionPass,” since the app was going to be the fusion of SynthPass and PassLok. I made a nifty icon that ended up looking like an F and also like a key, and then “FusionKey” was born, which is also easier to say and remember. I hope this isn’t very confusing.
So there you have it, FusionKey is both PassLok and SynthPass wrapped into one. Depending on where you are, clicking its icon opens one app or the other, using the same Master Key. The entire PassLok is included, not just a subset of its functions as in PassLok for Email. This means there is Anonymous encryption as well as signatures, splitting, and a number of text-hiding methods. The version of SynthPass included is also more powerful than ever, as now it has the ability to store (encrypted) user-generated passwords like all mainstream password managers while still avoiding the use of servers.
You can get FusionKey through these links:
Chrome extension: https://chrome.google.com/webstore/detail/fusionkey/legnppmlegkibpinfjodjbejohblaaam
Firefox addon: https://addons.mozilla.org/en-US/firefox/addon/fusionkey/
Enjoy!
I can’t get FusionPass to work with changing my password on PayPal. For some reason it only fills in the second password box. So I went to https://synthpass.com/app/, put paypal.com as the name.suffix, with length 20 (max for PayPal), and this password works. But I have to use synthpass.com/app everytime to login. PayPal isn’t accepting whatever FusionPass is outputting, even though I used the same length = 20 parameter. And the address bar says https://www.paypal.com.
Thanks for the feedback. Yes, some websites try hard to make things difficult. I’ll look into fixing things for PayPal on the next update.
I’m sorry, but I cannot reproduce your error, at least with my PayPal login. In my case, all boxes fill in. If you want to add more info or report other bugs, the place to do it is FusionKey’s GitHub page at https://github.com/fruiz500/FusionKey-extension
Strangely it does fill in all box now when I change my password. But PayPal will not allow me to login with the new password. So I must continue to use synthpass.com/app.
This may be because of special requirements on the length of the password or special characters. You can specify them through the “Length” box. The “Where are the Options” question on the Help tab tells you all about it.
Sadly the extension is not compatible with most of the websites I’ve used since installing it (I still cannot get it to work with PayPal and it’s not apparent why). I constantly find myself having to open the SynthPass app in a new tab, after finding the FusionKey extension causes inexplicable bugs. For me, it would be VERY valuable for FusionKey to copy the password to my clipboard so I can manually paste it into the login pages. Or, at least do what SynthPass does, and output the password in plaintext so I can copy it myself.
Send me an email to fruiz500@gmail.com with some website URLs you’re trying to use FusionKey with, and I’ll do some testing. Thanks for the feedback!
I’d like your advice on signing email to prevent scamming. We have a 100-yo NPO and a lot of our leaders’ emails are public. We’ve had scammers pretend to be the leaders of the group asking subordinates to purchase things (like Amazon gift cards) by way of email. I’d like for the leaders to use ‘signing’ to make sure emails sent out are authentic.
What is the easiest way to do that without having to impose on the recipients to install software or use a particular email client?
Of course, people usually fall for this because simply they don’t look hard at the sender’s address. But there’s also the situation where you get targeted and some “professional” sends the email from the “correct” address, which is possible since emails travel in the clear and can be intercepted and their metadata can be modified in transit. Asymmetric encryption or digital signing combats this, but then users must have obtained the senders’ public keys (“Locks” in FusionKey parlance) from a reputable source. Using additional software or extension is unavoidable, since email clients do not yet support this (easily).
Hi, I’m quite interested in this type of AIO solution, but being novice in this I have to admit I find it rather unintuitive to use. Can’t you make some step-by-step tutorial with screenshots or a videotut for the most common user cases, such as webmail, IM etc… From this point of view, a GUI like Flowcrypt is more user-friendly for the uninitiated… Anyway thanks for the job and if you could produce some tuts, thanks in advance !
Nice idea! I’ll work on that after I release PassLok for Email 0.5, which right now is taking all my energy. I’m learning a lot that will go into improving FusionKey as well.