Occassionally we may change the way Password Chameleon works to make it easier or more user-friendly.
Very occassionally, we may need to make a change that affects your passwords. It would take something special, like a killer new feature that transforms the service, or a security risk that needs to be addressed.
You can read about the changes here. You can also access older versions of Password Chameleon so that you can get passwords generated before a change.
Date: 09 July 2012
Details: Some websites don't accept passwords with symbols in. This experimental version of Password Chameleon allows you to generate passwords that only have letters and numbers in. Note that this is an experimental version - it is only used on this version page and does not appear on the main webpage or in any of the apps.
Please let me know how you get on with this. In particular, please let me know which sites reject passwords with symbols in, and also if you find any sites that reject the letters-and-numbers passwords.
Threat: None.
Breaking change: No (passwords generated with this version are different, but this version is an experimental version and has is not released to the main webpage or apps).
Date: 20 Feb 2012
Details: The password chameleon website now operates using an SSL certificate. SSL certificates are usually used to ensure that information you send to websites is secure. Password Chameleon never sends your information over the internet, so this is not relevant.
However, SSL certificates ensure that you really are at the site you think you are, which offers protection against someone redirecting you to a spoof site to collect your password information.
Just look for the padlock in your browser's address bar, or check that the address starts with https:\\ (note the extra 's' at the end).
Breaking change: No (your passwords have not changed).
Threat: Low - it is unlikely that anyone would set up a spoof version of the site and redirect traffic there.
Date: 07 Feb 2012
Details: All passwords had a dash in the middle to make them easier to memorise or read aloud (the format was XXXXX-XXXXX). It was pointed out to us that the distinctive format of the passwords made it easy to detect if a password had been generated by Password Chameleon. This could allow a hacker to use a brute-force attack to reverse engineer one of your passwords to determine your secret password.
Threat: Low - this would only be a risk if (when) Password Chameleon becomes very widely used.
Breaking change: Yes (your passwords will be different after this update).
Details: Previously, all passwords had a punctuation mark in them (the dash in the middle). Now that this has been removed, Password Chameleon ensures that all passwords contain a punctuation mark.
Threat: None - this is to help ensure passwords are accepted by sites that require a symbol, and does not have a significant affect on the security of Password Chameleon.
Breaking change: Yes (your passwords will be different after this update).
The first public version of Password Chameleon. This has the version number 1.5 (earlier versions were not released to the public.