Fork me on GitHub

Passup.js

A hacker's tool for keeping web passwords up-to-date.

Passup.js is a password updater built on CasperJS and PhantomJS that takes some of the pain out of rotating web passwords.


    $ npm install -g passup
                        

What is Passup.js?

Security experts recommend updating account passwords frequently to mitigate the damage inflicted by a compromised password. However, most of us maintain multiple web accounts and have hardly updated a handful of passwords before it's time to rotate again.

Passup.js is a password updater built on CasperJS and PhantomJS that takes some of the pain out of rotating web passwords.

How does it work?

Passup includes simple adapters for major websites and uses a headless web browser to automate the process of changing your passwords. Passup allows you to configure a list of sites you use for each password and update each group of sites by typing the password only once. So, for example, if you use the same password for all your social media sites and throwaway accounts, you can bulk update them with a single command.

Getting Started

Installation with npm


    $ npm install -g passup
    $ passup config
    $ passup
                        

Installation with Vagrant

If you don't have Node.js installed or prefer Vagrant, it's pretty straightforward to run Passup inside a Vagrant virtual machine:


    $ git clone https://github.com/alanctkc/passup.js.git
    $ cd passup.js
    $ vagrant up
                        

Once the machine is up and running, ssh in and configure Passup:


    $ vagrant ssh
    $ passup config
                        

Configuration

Your Passup configuration is stored in ~/.passup.json and looks something like this:


{
    "passwords": [
        {
            "name": "amazon-secure",
            "sites": [
                {
                    "adapter": "amazon",
                    "login": "user@email.com"
                }
            ]
        },
        {
            "name": "github-secure",
            "sites": [
                {
                    "adapter": "github",
                    "login": "username"
                }
            ]
        },
        {
            "name": "google-secure",
            "sites": [
                {
                    "adapter": "google",
                    "login": "user@email.com"
                }
            ]
        },
        {
            "name": "mobile-friendly",
            "sites": [
                {
                    "adapter": "facebook",
                    "login": "user@email.com"
                },
                {
                    "adapter": "hackerNews",
                    "login": "username"
                }
            ]
        }
    ]
}
                        

NOTE: Passup.js will never store your passwords anywhere.

Your configuration contains groups of passwords and the sites that use that password. Most adapters only need a login, but it's possible to include more parameters needed for authentication. Check the example configuration to see how each adapter is configured.

You can name your password groups whatever you want, provided they only contain alphanumeric characters, dashes, and underscores.

Available adapters are listed in the passup-adapters repository.

Updating Passwords

Rotate your passwords with the passup command:


    $ passup
                        

To update only a single password group, call passup like this:


    $ passup --password=secure
                        

Or, for a list of passwords:


    $ passup --password=secure,social,shopping
                        

To update only a single adapter, use this command:


    $ passup --adapter=google
                        

Or a list:


    $ passup --adapter=google,amazon
                        

How do the adapters stay updated?

The adapters for various websites are maintained by the developers who use Passup. The more users that contribute Passup.js adapters and use them for their own accounts, the more valuable the repository becomes for everyone.

Adapters are written in a very simple CasperJS syntax. Look here for examples. Please send pull requests to the passup-adapters repository on GitHub for any adapters you create! Additionally, if you find a way to improve an existing adapter, please feel free to submit your contribution.

Digging a little deeper

For more information on contributing adapters refer to the passup-adapters README.