Forgot your password?
typodupeerror
Security

Storing Your Encrypted Passwords Offline On a Dedicated Device 107

Posted by samzenpus
from the built-to-last dept.
An anonymous reader writes "The Hackaday writer Mathieu Stephan (alias limpkin) has just launched a new open source/hardware project together with the Hackaday community. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating long and complex random passwords for the different websites people use daily. It consists of a main device where users' credentials are encrypted, and a PIN locked smartcard containing the encryption key. Simply visit a website and the device will ask for confirmation to enter your credentials when you need to login. All development steps will be documented and all resources available for review."
This discussion has been archived. No new comments can be posted.

Storing Your Encrypted Passwords Offline On a Dedicated Device

Comments Filter:
  • by chihowa (366380) * on Sunday December 08, 2013 @03:18PM (#45633899)

    The way it's described in TFA, you can't "access it on a website" (whatever that means).

    It's a USB device that generates and stores passwords. The stored passwords are encrypted using a key contained in a smartcard. When you want a password, you use the touchscreen on the device to generate or decrypt a password and spit it out to the computer (presumably, the device looks to the computer like a HID keyboard device).

    The only communication would, therefore, be from the device to the computer. All user interaction is through the device's touchscreen. The smartcard handles the security.

    It's not a bad approach, though it would/could be ridiculously clumsy to use once you have accumulated hundreds or thousands of passwords.

"The chain which can be yanked is not the eternal chain." -- G. Fitch

Working...