Four weeks ago Kenneth Henderick contacted me because he wanted to build a Chrome extension to substitute the Passpack It! button, improving it. I really liked the idea, so we worked together a bit and I added some features to Passpack in order to provide him with what he needed to build UsePass.

If you are a Chrome user, you can download and install it from here.

UsePass supports multiple accounts. So, if you administer a company account and have also you personal account, you don’t need two buttons anymore.

It also supports a keyboard shortcut. This is very useful because one of the limitations of the Passpack It! button is that you need to visualize the button bar of your browser to click it. So when a login form is displayed in a popup window – without bars or a menu – it won’t work simply because you can not click it. With UsePass you can press your keyboard shortcut and magically you login to the website.

What About Security?

As you probably know, the Passpack It! button contains a special Autologin Key used to encrypt and decrypt the data necessary in order to autologin to websites. This is important because it also guarantees that the autologin data temporarily stored in our database is encrypted and fully adheres to Host-Proof Hosting.

UsePass, to do its job, needed to know this Autologin Key. Since it can only access DOM elements in the Passpack page, I added some special hidden DIVs containing the User ID, Autologin Key and the Autologin Key reduced hash. UsePass, during configuration, reads this data and has all it needs to do its job.

A note. UsePass simply runs the same process the Passpack It! button runs. So, if the autologin doesn’t work on some website don’t write to Kenneth, write us. :)

Have Fun

I installed the extension and it works perfectly. Also, Kenneth told me that if the UsePass for Chrome is appreciated by users, then he could develop a Firefox version as well. That would be great, wouldn’t it? So give him your feedback.

NOTE: Currently UsePass doesn’t support the double-click of the button. You need it, for example, to add a new entry in your account directly from the signup page of a new website or to copy/paste your credentials when autologin doesn’t work. Don’t’ worry, Kenneth will add it soon.



  1. That’s awesome!

    I started down this path – I got as far as a button on my toolbar that opens the Passpack web site. Thanks!

  2. Paul

    Looks interesting Kenneth, but I’m not a Chrome fan.
    Would really like a Firefox version though.

  3. I’ve just published a new version. UsePass now supports the “doubleclick” feature trough the context menu. Please find the full changelog at UsePass’ website.

  4. Fantastic – saves having the bookmarks toolbar visible for only 1 extension.

    Agree with Paul – a Firefox version would be great as well.

    Just to confirm – can Usepass see usernames and passwords or not? Presumably if it has access to the autologin encryption key it can?

  5. @Fergus: UsePass won’t save nor see any usernames & passwords.

    The only thing it does is injecting almost the same javascript in the page as the bookmark button does (which adds a reference to a script hosted on the Passpack servers). So it’s not UsePass that fetches your credentials & fill them in the website, but it’s Passpack’s own javascript that does that.

  6. Piotr

    It would be great if the add-on was ported to Opera! I have been told that it is very easy to port Firefox add-ons to Opera Extensions.

  7. Dave

    A Firefox version would be awesome!

  8. Jon

    I used to exclusively use Firefox for my beloved Passpack specifically because I had trouble with one click in Chrome, but this seems to work extremely well. Thank you Kenneth!

  9. I’m installing it!! :D

  10. Installed and… it’s fantastic! :o
    Really useful! :)

    Keep up the good job!

  11. First of all thanks to Kenneth for taking his time and providing a module like this.

    What I would like to know from the passpack people: Let’s say this module is taken over by a third party (bought from Kenneth or an account stolen to access the Google extensions site) and I would update to a new version of the module which had some malicious code.

    Would that impose a higher risk for my passwords than just navigating to the passpack website while having a malicious module (not passpack specific) with the same permissions installed?

    Is there generally a risk for data saved at passpack from modules that have the “access data on all websites” and “access history” permissions?

Trackbacks for this post

  1. Passpack blogs about UsePass

Leave a Reply