The What?

The Enigmer. Enigmer is a slightly different way of managing your passwords. Firstly, Enigmer helps you to create unique, long and complex passwords easily. Secondly, Enigmer makes using those passwords quite simple. Need to change your password? Okay, a few clicks and you're good to go. That's Enigmer.

So, it's just another password manager?

Well, not exactly. Yes, it generates good passwords and makes it simple to change them if necessary. Yes, it writes them down for you, partially. And yes, it helps you to use those passwords without really remembering them. So, it looks like a password manager, but it's really not. There are multiple great password managers out there, and Enigmer isn't trying to compete with them.

What's the difference between a password manager and Enigmer?

Password creation: Enigmer uses user input and user browsing behavior to create good and unique passwords. There's no button that says "create a new password"; the password is created on the fly. Enigmer needs your help to create it.
Password saving: Enigmer doesn't save your actual passwords. It contains half of the information that's needed to recreate your password. The only piece that's missing is the user input.
Password usage: You don't need any external programs to use your passwords. All you need is lov.. uhm ... a browser extension.

Password creator needs my help?

Yes, Enigmer needs a lot of assistance from the user to create a good password. The first step in password creation is to collect some random stuff; this is called the salt. The best way to collect this random stuff is from the user, because computers are a bit stupid when it comes to randomness. Random data is collected from the user's browsing habits, e.g. the sites you have visited previously and browser bookmarks (don't worry about your privacy here: this information is used in such a way that it's impossible to find out where you've been browsing; see here for more information).
[Figure: Basic principle]
The second step is to get some user input. This input could be called a semi-password.
The third and last step is to combine the salt and the semi-password. The result is the real, good password.
The way these passwords are created is nothing new. The innovation of the Enigmer is that now the user can use this system to create his/her passwords.

There's salt? Why and what about pepper?

Well, I just like to spice things up :-) Strictly speaking, salt is a term used in a certain type of login system. A lot of web services use (all of them should use) this kind of system when they save your passwords to their databases. When a user logs in to the web service, the user input is sent to the service. The service then combines it with some user-specific piece of information (user name, e-mail address, registration date, etc.), called the salt, and compares the result with the data in their database. If they match, then the user is allowed to log in.
So, the salt in a sense adds something to the password so that it becomes something very different. It's also noteworthy that by changing the salt, the result becomes very different. This makes changing passwords regularly a bit simpler, because by changing the salt, you'll get a new password (user input stays the same).
It's impossible to know the result if you don't have both pieces, the salt and the user input. It's also impossible (or at least very difficult) to break the result back down to its basic components (the result isn't just a simple user input + salt operation; usually something called a hash is calculated from them).

Enigmer creates these salts for you automatically. Salts in Enigmer are unique strings of characters, and that guarantees your passwords are always different from each other. You may use the same input for all the services you log in to, but the resulting password will always be different because of the different salts.

Okay, what about the password saving weirdness. Why won't you just save my password?

Because security matters. As explained previously, Enigmer uses random data, called salt, and user input in order to generate the password. This means that the password depends on two unrelated things. It's only when they are combined that the real password is revealed. So, in order to protect the real password, Enigmer saves one half (the salt) and leaves the other one to the user. If one of them gets stolen or leaks out, the bad guy can't do anything with it.
The basic principle behind the design of the Enigmer is that neither it nor I, as the designer, want to know your real passwords. Why should you trust your password to anyone except yourself? Enigmer knows one half, but the other one comes from the user and it's never saved anywhere or sent anywhere outside the user's computer.
If some hacker gets the other halves (salts) from the Enigmer, they can't do anything with them.
On the other hand, if the user accidentally reveals his/her half of the password, it's useless too. In that case the bad guy must get the other half from the Enigmer as well.

I'm not saying that it's impossible to steal/hack both pieces of information, combine them and reveal your password. Of course it's possible (I don't know how to do it, but I'm sure it's possible). I'm saying that Enigmer creates another layer on top of the password and the bad guys have to make the extra effort to get that solved. In other words, the cost of the password is higher; is it even worth it for the criminals anymore?

Enigmer needs user input, like a password, in order to create a password? What? I thought Enigmer was supposed to create it for me!

Enigmer needs the other half in order to be able to create the real resulting password. User input is that second half, which is supposed to be kept separate from the first half, the salt (see previous chapter). No one said how long or complex the user input should be. I'd highly recommend that your input is long and difficult to guess (I won't be giving any specific guidelines, use your common sense). In case your salt data gets stolen and the bad guy tries to guess your input, it's very beneficial if your input was long and complex. The criminal might try to use brute-force-type breaking software to guess your input, but it wouldn't matter if your input was difficult enough.

The resulting (real) password is guaranteed to have enough length and complexity no matter what the user input is. If your input is the letter 'a', the resulting password might be 32 characters long and contain all the different types of characters (uppercase and lowercase letters, numbers and special characters), depending on Enigmer settings. If your input is 'the brown fox that jumped over the hedge and found a moose', the resulting password has all the same properties as the previous one, but the latter example is a bit harder to guess and is therefore the preferred one. Of course the input can contain all the different types of characters, like the resulting password itself. It doesn't have to be a password-like input, just difficult enough for any stranger to guess. Use your imagination.
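
The salt + semi-password combination and the length/complexity guarantee described above can be sketched as follows. This is an added example, not Enigmer's own code or algorithm: PBKDF2-HMAC-SHA256, the iteration count, the character set and the two sample salts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

# Character classes the derived password must contain (assumed setting).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@_"]
ALPHABET = "".join(CLASSES)
# Constructed sample salts; a real salt is random and stored per site.
SALT_SITE_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_SITE_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def _stream(key: bytes):
    """Endless deterministic byte stream from `key` (HMAC in counter mode)."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1


def _pick(stream, n: int) -> int:
    """Unbiased index in range(n) via rejection sampling (n <= 256)."""
    limit = 256 - (256 % n)
    for b in stream:
        if b < limit:
            return b % n


def derive_password(salt: bytes, user_input: str, length: int = 32,
                    iterations: int = 200_000) -> str:
    """Recreate a site password from the stored salt and the typed input."""
    if not len(CLASSES) <= length <= 128:
        raise ValueError("length must be between 4 and 128")
    # Slow KDF: someone holding only the stored salt pays `iterations`
    # HMAC computations for every guess at user_input.
    key = hashlib.pbkdf2_hmac("sha256", user_input.encode("utf-8"), salt, iterations)
    stream = _stream(key)
    # One character from every class first, then fill from the full alphabet.
    chars = [cls[_pick(stream, len(cls))] for cls in CLASSES]
    chars += [ALPHABET[_pick(stream, len(ALPHABET))] for _ in range(length - len(chars))]
    # Deterministic Fisher-Yates shuffle so the forced characters do not
    # always sit in the first four positions.
    for i in range(len(chars) - 1, 0, -1):
        j = _pick(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)
```

Calling `derive_password(SALT_SITE_A, "a")` twice returns the same 32-character string, while swapping in `SALT_SITE_B` or a different input yields an unrelated one; the output's length and character mix do not reflect how guessable the input is, which is why a long input still matters if the salt is stolen.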

And all of this is used from the browser extension?

Yes. After the setup, Enigmer works behind the scenes and won't bother you in any way. You can manage password properties (length, characters, etc.), password salts and everything else from Enigmer Settings.

Okay, sounds good. Anything else I should know about the Enigmer?

There are a few very important things that you should be aware of before you start using Enigmer.

First a few things about the current state of the Enigmer:


Important: After a lot of information about the usefulness of the Enigmer, I have to be honest: there are some cons in Enigmer which affect the usability of the tool (unfortunately security and usability may never hold hands). Some of them are by design, some of them might be fixed in later versions. Nonetheless, I think Enigmer is a good solution for security-minded individuals, and you have to consider for yourself whether this list is too much for you to handle:

 

After reading all of this, I hope you're still keen on using the Enigmer. You can start by going through the Guides-section, starting from Installation (Guides - Installation).