Is "MasterPassword for chrome" on Chrome Web Store Safe to Install?
One of todays main security challenges on the web is passwords. You typically have to login at many different sites, and remembering a different password for every site is hard. Unfortunately one of the sites you use will sooner or later be hacked, and passwords leaked. If that password is reused on other sites, the hackers will have access to all your accounts. MasterPassword can help. With one master password, a unique one can be generated for each site. When you need to login, this addon will complete the site password for you. And it is impossible to guess the master password from a site password. Read more at http://masterpasswordapp.com The MasterPassword algorithm is standardized. You can find app's for Ios, Android, Windows, Mac and Linux. One of MasterPasswords strong points is that neither the master or site password is stored anywhere. The site password is rather generated mathematically every time. This is in clear contrast to many other password managers, like Chrome's built in password manager. If your computer or browser is hacked, solutions where the password is stored can give away all your passwords! Similar dangers exists with cloud based solutions. The MasterPassword addon can of course co exist with other password managers and will stay out of your way until you click the MasterPassword button. If you chose to uninstall the addon, you'll just have to remember the passwords you've generated, or import them into another password manager. Since passwords in MasterPassword are mathematically generated, it is impossible to import other custom passwords into master password. They would have to be stored on your computer, which defeats MasterPassword's working principle. As such, it is convenient to use the Chrome password manager for such passwords, until you find a time to switch a site to MasterPassword. Also note that when MasterPassword enters a password for you, Chrome will behave like you typed it on the keyboard, and prompt you if you want to save it. You can of course accept this, but your passwords will then be stored and risk being stolen. I'd therefore suggest to reject that offer. Protect your accounts on the web - Use MasterPassword
Risk Assessment
Analyzed147 security findings detected across all analyzers
Chrome extension requesting 6 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
7 rules(50 hits)Requested Permissions
6 permissionsExchange messages with programs outside the browser
About This Extension
Detailed Findings
53 totalYARA Rule Matches
7 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 91
detected IP: :: XIOC detected IP: ::
extracted_from_files
detected URL: https://github.com/ttyridal/masterpassword-firefox/wiki/Webextensions XIOC detected URL: https://github.com/ttyridal/masterpassword-firefox/wiki/Webextensions
extracted_from_files
detected URL: http://scripts.sil.org/OFL XIOC detected URL: http://scripts.sil.org/OFL
extracted_from_files
detected URL: https://en.wikipedia.org/wiki/Master_Password_(algorithm) XIOC detected URL: https://en.wikipedia.org/wiki/Master_Password_(algorithm)
extracted_from_files
detected URL: http://www.lhunath.com/ XIOC detected URL: http://www.lhunath.com/
extracted_from_files
detected URL: https://torbjorn.tyridal.no XIOC detected URL: https://torbjorn.tyridal.no
extracted_from_files
detected URL: http://fontawesome.io XIOC detected URL: http://fontawesome.io
extracted_from_files
detected URL: https://spectre.app/blog/2021-02-04-whats-a-password/ XIOC detected URL: https://spectre.app/blog/2021-02-04-whats-a-password/
extracted_from_files
detected URL: http://fontawesome.io/license XIOC detected URL: http://fontawesome.io/license
extracted_from_files
detected URL: http://stevenlevithan.com XIOC detected URL: http://stevenlevithan.com
extracted_from_files
detected URL: http://blog.stevenlevithan.com/archives/parseuri-split-url XIOC detected URL: http://blog.stevenlevithan.com/archives/parseuri-split-url
extracted_from_files
detected URL: https://en.wikipedia.org/wiki/ASCII XIOC detected URL: https://en.wikipedia.org/wiki/ASCII
extracted_from_files
detected URL: https://www.gnu.org/licenses/gpl-3.0.en.html XIOC detected URL: https://www.gnu.org/licenses/gpl-3.0.en.html
extracted_from_files
detected URL: https://github.com/ttyridal/masterpassword-firefox XIOC detected URL: https://github.com/ttyridal/masterpassword-firefox
extracted_from_files
detected Domain: your.site.com XIOC detected Domain: your.site.com
extracted_from_files
detected Domain: spectre.app XIOC detected Domain: spectre.app
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx XIOC detected URL: https://clients2.google.com/service/update2/crx
extracted_from_files
detected URL: http://www.gnu.org/licenses/ XIOC detected URL: http://www.gnu.org/licenses/
extracted_from_files
detected URL: https://github.com/ttyridal/masterpassword-firefox/wiki/Key-vault-troubleshooting XIOC detected URL: https://github.com/ttyridal/masterpassword-firefox/wiki/Key-vault-troubleshooting
extracted_from_files
detected URL: https://bugzilla.mozilla.org/show_bug.cgi?id=1443758 XIOC detected URL: https://bugzilla.mozilla.org/show_bug.cgi?id=1443758
extracted_from_files
detected Domain: bugzilla.mozilla.org XIOC detected Domain: bugzilla.mozilla.org
extracted_from_files
detected Domain: emsg.id XIOC detected Domain: emsg.id
extracted_from_files
detected Domain: data.auto XIOC detected Domain: data.auto
extracted_from_files
detected Domain: en.wikipedia.org XIOC detected Domain: en.wikipedia.org
extracted_from_files
detected Domain: scripts.sil.org XIOC detected Domain: scripts.sil.org
extracted_from_files
detected Domain: www.lhunath.com XIOC detected Domain: www.lhunath.com
extracted_from_files
detected Domain: torbjorn.tyridal.no XIOC detected Domain: torbjorn.tyridal.no
extracted_from_files
detected Domain: a.download XIOC detected Domain: a.download
extracted_from_files
detected Domain: a.click XIOC detected Domain: a.click
extracted_from_files
detected Domain: ev.target XIOC detected Domain: ev.target
extracted_from_files
detected Domain: drop.style XIOC detected Domain: drop.style
extracted_from_files
detected Domain: box.style XIOC detected Domain: box.style
extracted_from_files
detected Domain: m.style XIOC detected Domain: m.style
extracted_from_files
detected Domain: brow.style XIOC detected Domain: brow.style
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: global.int XIOC detected Domain: global.int
extracted_from_files
detected Domain: module.run XIOC detected Domain: module.run
extracted_from_files
detected Domain: this.store XIOC detected Domain: this.store
extracted_from_files
detected Domain: blog.stevenlevithan.com XIOC detected Domain: blog.stevenlevithan.com
extracted_from_files
detected Domain: stevenlevithan.com XIOC detected Domain: stevenlevithan.com
extracted_from_files
detected Domain: utils.read XIOC detected Domain: utils.read
extracted_from_files
detected Domain: z.hk XIOC detected Domain: z.hk
extracted_from_files
detected Domain: xhr.open XIOC detected Domain: xhr.open
extracted_from_files
detected Domain: eval.call XIOC detected Domain: eval.call
extracted_from_files
detected Domain: array.prototype.slice.call XIOC detected Domain: array.prototype.slice.call
extracted_from_files
detected Domain: argtypes.map XIOC detected Domain: argtypes.map
extracted_from_files
detected Domain: module.total XIOC detected Domain: module.total
extracted_from_files
detected Domain: runtime.global XIOC detected Domain: runtime.global
extracted_from_files
detected Domain: e.data.id XIOC detected Domain: e.data.id
extracted_from_files
detected Domain: document.activeelement.name XIOC detected Domain: document.activeelement.name
extracted_from_files
detected Domain: fontawesome.io XIOC detected Domain: fontawesome.io
extracted_from_files
detected Domain: usermessage.info XIOC detected Domain: usermessage.info
extracted_from_files
detected Domain: accordion.in XIOC detected Domain: accordion.in
extracted_from_files
detected Domain: this.name XIOC detected Domain: this.name
extracted_from_files
detected Domain: d.map XIOC detected Domain: d.map
extracted_from_files
detected Domain: array.prototype.map.call XIOC detected Domain: array.prototype.map.call
extracted_from_files
detected Domain: this.listbox.open XIOC detected Domain: this.listbox.open
extracted_from_files
detected Domain: event.target XIOC detected Domain: event.target
extracted_from_files
detected Domain: this.inputnode.select XIOC detected Domain: this.inputnode.select
extracted_from_files
detected Domain: el.style XIOC detected Domain: el.style
extracted_from_files
detected Domain: e.id XIOC detected Domain: e.id
extracted_from_files
detected Domain: e.data XIOC detected Domain: e.data
extracted_from_files
detected Domain: example.com XIOC detected Domain: example.com
extracted_from_files
detected Domain: shop.amazon.co.uk XIOC detected Domain: shop.amazon.co.uk
extracted_from_files
detected Domain: amazon.co.uk XIOC detected Domain: amazon.co.uk
extracted_from_files
detected Domain: ui.show XIOC detected Domain: ui.show
extracted_from_files
detected Domain: e.target XIOC detected Domain: e.target
extracted_from_files
detected Domain: ev.target.id XIOC detected Domain: ev.target.id
extracted_from_files
detected Domain: b.style XIOC detected Domain: b.style
extracted_from_files
detected Domain: site.url.map XIOC detected Domain: site.url.map
extracted_from_files
detected Domain: siteurls.map XIOC detected Domain: siteurls.map
extracted_from_files
detected Domain: v.auto XIOC detected Domain: v.auto
extracted_from_files
detected Domain: console.info XIOC detected Domain: console.info
extracted_from_files
detected Domain: sites.map XIOC detected Domain: sites.map
extracted_from_files
detected Domain: scoredsites.map XIOC detected Domain: scoredsites.map
extracted_from_files
detected Domain: www.example.com XIOC detected Domain: www.example.com
extracted_from_files
detected Domain: a.name XIOC detected Domain: a.name
extracted_from_files
detected Domain: msg.id XIOC detected Domain: msg.id
extracted_from_files
detected Domain: chrome.runtime.id XIOC detected Domain: chrome.runtime.id
extracted_from_files
detected Domain: sender.tab XIOC detected Domain: sender.tab
extracted_from_files
detected Domain: tab.id XIOC detected Domain: tab.id
extracted_from_files
detected Domain: r.tab.id XIOC detected Domain: r.tab.id
extracted_from_files
detected Domain: sender.id XIOC detected Domain: sender.id
extracted_from_files
detected IP: ::b XIOC detected IP: ::b
extracted_from_files
detected IP: ::f XIOC detected IP: ::f
extracted_from_files
detected Domain: www.inkscape.org XIOC detected Domain: www.inkscape.org
extracted_from_files
detected Domain: clients2.google.com XIOC detected Domain: clients2.google.com
extracted_from_files
detected Domain: github.com XIOC detected Domain: github.com
extracted_from_files
detected Domain: www.gnu.org XIOC detected Domain: www.gnu.org
extracted_from_files
detected Domain: cbrowser.management XIOC detected Domain: cbrowser.management
extracted_from_files
detected URL: https://github.com/ttyridal/masterpassword-firefox/issues XIOC detected URL: https://github.com/ttyridal/masterpassword-firefox/issues
extracted_from_files
Security Analysis Summary
Security Analysis Overview
MasterPassword for chrome is a Chrome Web Store extension published by [email protected]. Version 3.0.0 has been analyzed by the Risky Plugins security platform, receiving a risk score of 64.96/100 (MEDIUM risk) based on 147 security findings.
Risk Assessment
This extension presents high security risk. Significant concerns were identified during analysis. It is not recommended for use in sensitive or production environments without thorough review.
Findings Breakdown
- High: 50 finding(s)
- Medium: 97 finding(s)
What Was Analyzed
The security assessment covers multiple analysis categories:
- Malware Detection: YARA rule matching against 2,400+ malware signatures
- Secret Detection: Scanning for exposed API keys, tokens, and credentials
- Static Analysis: Code-level security analysis for common vulnerability patterns
- Network Analysis: Detection of suspicious network communications and endpoints
- Obfuscation Detection: Identification of code obfuscation techniques
Developer Information
MasterPassword for chrome is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 3K users.
Recommendation
This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace
KPN Password Manager
[email protected]
MAGgie - An AI Assistant
[email protected]
Aintivirus Privacy and Wallet
[email protected]
BugZap — Visual Bug Reporter
[email protected]
FormGenieAI
[email protected]
OmniChat
[email protected]