Storing Your Encrypted Passwords Offline On a Dedicated Device 107
An anonymous reader writes "The Hackaday writer Mathieu Stephan (alias limpkin) has just launched a new open source/hardware project together with the Hackaday community. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating long and complex random passwords for the different websites people use daily. It consists of a main device where users' credentials are encrypted, and a PIN locked smartcard containing the encryption key. Simply visit a website and the device will ask for confirmation to enter your credentials when you need to login. All development steps will be documented and all resources available for review."
Re:if you can access it on a website (Score:5, Informative)
The way it's described in TFA, you can't "access it on a website" (whatever that means).
It's a USB device that generates and stores passwords. The stored passwords are encrypted using a key contained in a smartcard. When you want a password, you use the touchscreen on the device to generate or decrypt a password and spit it out to the computer (presumably, the device looks to the computer like a HID keyboard device).
The only communication would, therefore, be from the device to the computer. All user interaction is through the device's touchscreen. The smartcard handles the security.
It's not a bad approach, though it would/could be ridiculously clumsy to use once you have accumulated hundreds or thousands of passwords.