Storing Your Encrypted Passwords Offline On a Dedicated Device
An anonymous reader writes "The Hackaday writer Mathieu Stephan (alias limpkin) has just launched a new open source/hardware project together with the Hackaday community. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating long and complex random passwords for the different websites people use daily. It consists of a main device where users' credentials are encrypted, and a PIN-locked smartcard containing the encryption key. Simply visit a website and the device will ask for confirmation to enter your credentials when you need to log in. All development steps will be documented and all resources available for review."
if you can access it on a website (Score:3, Insightful)
It's not offline.
This really is some guy just using a system he thinks is less likely to be compromised. Well, that's what everyone else does too.
Re:if you can access it on a website (Score:4, Insightful)
Clumsy is precisely the problem.
Three mail accounts. Laptop BIOS, laptop login, laptop root. Several encrypted archival hard drives. Slashdot login. The Register account. Furaffinity account. Home server user password, home server drive encryption password, home server root password. Minecraft account. Ukfur forum password. Work user password. Work domain admin password. Work test user account passwords. Ebuyer account password. eBay password. PayPal password. GPG private key password. Retroshare private key password. Three sites I'd rather not mention. 1and1 hosting password. Domain name registrar password.
That's just what I can remember right now, so it's probably around half of what I actually have. How do I remember so many? I don't. Very few humans are capable of that. It's bordering on impossible. You need to either have a list somewhere written down, or reuse passwords a lot. Neither option is ideal - both introduce security vulnerabilities.
Re:if you can access it on a website (Score:3, Insightful)
Thought up some more: Furrymuck, Latitude and SPR muck passwords. EVE Online password. Two IRC nameserv passwords. Work computer BIOS passwords. Work network switch passwords. Combination to my wall safe. Unlock code for my phone. Unlock code for my tablet. Two internet banking passwords. Somewhere out there, a disused Second Life account from before I concluded it is crap.
At least I don't have a Facebook account.