KFKC: Key-Free Key-Chain

Works with Firefox 3.0-3.6
Version 0.4
Updated March 15, 2010
Developer Laurent Hubert
Homepage http://www.trebuh.net/kfkc
Downloads http://www.trebuh.net/kfkc/kfkc-0.4.xpi


KFKC is a kind of password manager, or key-chain, that offers a very high level of security as it does not need to store any of your passwords. It has been imagine with Olivier Heen during a coffee break while we were both working at the Irisa Lab.

As most people, you probably often use the same password on many different website to avoid to remember tens of passwords. You may also use a different password for each website, but then you need your browser to remember them. This is a security risk, and it prevents you from using another computer where your passwords are not yet register.

If you use the same password for several accounts, then a if someone can have access to your password (either by hacking a (poorly) secured web server or because it is the webmaster himself), he can try to use this same password for your other accounts.

KFKC generates a different password for each website depending on a master password and on your login. It is based on a strong cryptographic algorithm (SHA-1) and it is impossible to guess you master password or other generated password even if many generated password are lost/compromised.

KFKC offers another advantage: it is robust to fishing as the generated password depends on the server.

However, this software has also some drawbacks (that could be overcome): if you want to change one of your password, you currently need to change them all.

A kind of online version is available here.


To display the KFKC bar, go to the "Tools" menu, and then "Show/hide KFKC". The shortcut should be shown next to the menu item (it depends on your system, it should be Alt-Ctrl-K on Windows and Command-Option-K on Mac OS X but this could be otherwise).

Bugs and other suggestions

If you have found a bug or have any comment you would like to make to the author, feel free to contact me at laurent(@)trebuh.net.

This website uses Google Analytics