Protected Passwords That Can’t Be Read Even by Keyloggers

I’m a little on edge. If I share my passwords with a password manager, I don’t want to. None of them should be written or typed. I don’t even want to look at them with my own eyes. I want to forget them. I want at least one upper case letter and one lower case letter, a numerical digit, and a unique character for each one. I don’t want a key-logger program to be able to get my passwords, so I don’t want one. And I don’t want to lose any of my passwords, so I write them down. Is what I want too much?

When I was playing around with Python programming ideas, I had another “Aha!” moment, and the code in this article was born. No, it doesn’t meet any of the above requirements. Let me show you.



Before I explain how to use the program, I’ll show you how to do it. Please take all of the URLs of the web page you are on and paste them into your clipboard when asked for a password. Make sure you run the program first. Come to life: It will show up and ask for your short personal key. Then quickly go away with no passwords or anything else on the screen but your key. Finally, copy the password from your clipboard and paste it into the password field. You’re done now.

How Does It Work?

Most of the time, passwords are unique to the domain where you log in, but they aren’t always. A web address line in your browser is called a “URL.” When you log on to something, look at that line, and you will see the main domain address preceded by “https://” and followed by more information about where you are. For example, to log into Amazon, the core domain is “” For Google, it is “”com” and so on. Python makes it easy to get that core domain string from the full URL, no matter what. Other things are used to make your passwords unique. The domain is just one of those things.

To make things easier for you, the program has been changed. When I show you how and where to change the code in a little, you’ll be all set. A bank PIN is ideal, but any short string that’s easy to type and remember is good. If someone steals your copy of this program from your computer, they still need your key. If they don’t know your key, they’ll have to create a new password.

In the same way, even though a wrong person had your key, they would still need to get your copy of this program from your computer. To break your passwords, both parts would have to work together.

Source Code

Its primary source code is shown here. Ensure that it imports two other modules, and I’ll talk about them next.


The URL string is taken from the computer’s clipboard. The domain is found in the first few lines of the URL. A line after this one asks you to give your key. The Prb object is set up with the domain string and your key (pseudo-random bytes). Strings a1 to a4 have all the characters you might want in your new password. If you want to add or remove any characters, feel free to do so in this place. The list PW is made by adding one character from each string to the beginning. At least one from each set is safe.

The while loop uses pseudo-random bytes to add characters to the PW list at random places until there are 17 characters in the list, at which point the loop stops. Please feel free to change 17 to the length of passwords you would like to set up. Finally, the list is made into a single password string, and it is then put into the system clipboard so that you can paste it into a new password field.


You can see that the pyperclip module is used by this program. “pip install pyperclip” is a one-time and straightforward thing to do. This adds this library to your Python library. You can find out more about pyperclip by going to its Pypi page here to learn more. With this new tool, you can now take data from your clipboard and put it back into your clipboard! I use it all the time for many Python programs that are just for fun.

Which Pseudo-random Bytes Work?

It is also found in the module, where the Prb class is also seen. Code listing: Here is the code listing; before I explain what it is, I will say.


This class keeps a list, called buf, of 256 integers that range from 0 to 255. P and Q are variables that point to this list. When you use next_byte(), the order and indexes of the list items are changed based on the optional number b. If you change even one bit of the number b that you put into this method, the order of the output bytes will be completely different.

Customization for You Only

Remember that the seed string used to start this pseudo-random bytes generator is passed from the main program. It includes the current domain and your key used to start the generator. If you want to add more or less random characters to your unique string, you can add them to the unique string above. If you put together a long string, you feed it into a method called next_byte() repeatedly to start the generator uniquely. Electrons aren’t the only thing that can be in different states. By a long shot.

On the side, I’ve sent the Prb code to some experts, and they say it’s perfect. Also, it has done a lot of testing with well-known pseudo-random bytes testing programs and passed with flying colors. Even though it isn’t a professionally certified cryptographic algorithm, it works very well for protecting your passwords. You can trust that it doesn’t have any back doors or mysterious code so that you can use it.

The passwords made by this program are very hard to brute force. A hacker would have to get their hands on your unique copy of the program and then brute force through all the short keys you could choose. That could happen when it comes to things like key-loggers, online password managers, and other things you can’t do anything about. But it’s not very likely when it comes to things like that.


I suggest that you change the strings shown in the Prb class, then don’t change them again. It doesn’t even have to be a significant change for all of your passwords to change. The best thing to do is to keep a paper copy of your program somewhere safe, just in case you need to get it back for any reason.

Original Source Code: John Clark Craig

Leave a Comment