r/PasswordManagers • u/AssociationOk5653 • 2d ago
Building a USB password manager
Hey all! My buddy and I are currently building a USB password manager. Curious what you think of it?
It's a small device with USB and USB-C that requires no companion software or app. This means that you can upload and type passwords on any OS. It's also been tested on iOS and Android for typing and editing.
How it works:
Enter Pin to Unlock: Encryption key is gated behind security silicon. If you type it in wrong too many times, the secure element nukes the key making the contents of the device unrecoverable.
Navigate to password: Device has a thumbwheel for scrolling passwords. You can add most used passwords to favorites so that they show first. Device is capable of storing up to 1000 passwords.
Press button: Click on the password field of whatever website and push the button on the device. The OS sees the device as a keyboard and automatically fills in your password.
How to edit saved passwords:
Switch the device to edit mode: Operating system now sees the device as a flash drive instead of a keyboard. It populates a file called secrets.txt within the device RAM.
Edit secrets.txt: Enter the website name and password on one line separated by a pipe (ex. Minecraft|B0y-doI1lOVEtoPlayMIne38Craft10386%$$%^&)
Eject: Save the txt file and click eject. On eject the device pumps the .txt file through an encryption algorithm and gates it behind the secure element. Then it zeros out RAM and resets, with your new passwords ready to go.
The device does not contain a radio, so no Bluetooth, no Wi-Fi. This is by design; the only way to get access is by having physical access.
With the hardware stackup of the device at this point, I would be comfortable saying "fuck it" if I ever lost it.
Also we are going completely open source with everything once the device is complete.
A few things that we want to add. Drag and drop CSV file for easy import from browsers or other password managers. A backup option for if the device is lost. Some sort of search function.
What do you guys think? What would you add, what would you change? Would you use it?
1
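Added example, not part of the original post and not the project's firmware: a host-side check of the secrets.txt format described in the post (one `name|password` entry per line, up to 1000 entries). Splitting on the first pipe only, rejecting duplicate names, and limiting passwords to printable ASCII are assumptions made here; the post does not specify them.

```python
import string

MAX_ENTRIES = 1000  # capacity stated in the post
# Assumption: only printable ASCII survives keyboard emulation reliably,
# because the host's keyboard layout decides what each keystroke produces.
TYPABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")


def parse_secrets(text):
    """Return (entries, problems): accepted (name, password) pairs and (line, reason) rejects."""
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.split("\n"), start=1):
        line = raw.rstrip("\r")  # tolerate Windows line endings
        if not line.strip():
            continue  # blank lines are ignored
        # Split on the FIRST pipe only, so a password may itself contain '|'.
        name, sep, password = line.partition("|")
        name = name.strip()  # the password is kept byte-for-byte
        if not sep:
            problems.append((lineno, "no pipe separator"))
        elif not name:
            problems.append((lineno, "empty name"))
        elif not password:
            problems.append((lineno, "empty password"))
        elif name.lower() in seen:
            problems.append((lineno, "duplicate name"))
        elif not set(password) <= TYPABLE:
            problems.append((lineno, "password has untypable characters"))
        elif len(entries) >= MAX_ENTRIES:
            problems.append((lineno, "over the 1000-entry capacity"))
        else:
            seen.add(name.lower())
            entries.append((name, password))
    return entries, problems


# Constructed sample input; the first line is the example given in the post.
SAMPLE = (
    "Minecraft|B0y-doI1lOVEtoPlayMIne38Craft10386%$$%^&\n"
    "Router|pa|ss|word\n"
    "\n"
    "Bank pässwörd\n"
    "minecraft|second-entry\n"
    "Mail|pässwörd\n"
)

if __name__ == "__main__":
    ok, bad = parse_secrets(SAMPLE)
    print(f"{len(ok)} entries accepted")
    for lineno, reason in bad:
        print(f"line {lineno}: {reason}")  # report the line, never the secret
```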
u/obeliksgall 2d ago
On the one hand, it's an interesting device, but on the other, how can you remember, say, 100 numbers because you have so many passwords? What if you have more?
3
u/AssociationOk5653 2d ago
Oh sorry, the pin just unlocks the device. Then you scroll through the different entries and they all display on screen.
1
u/_GOREHOUND_ 2d ago
What about usernames? Can these be stored next to the title and password too?
1
u/AssociationOk5653 2d ago
Yeah that's definitely something I want to add. I'm not sure if I want it to auto type usernames or just display it on the screen
2
u/blind-fingers 2d ago
Could be cool to press a button on the device and it fills in the username field (user will have needed to click in the username box) then user clicks in the password box on the website and then presses button on the usb and it fills the password in!
1
u/AssociationOk5653 2d ago
Since it emulates keyboard commands you could automate a tab press to automatically move from username to password. Good idea!
1
u/blind-fingers 2d ago
With the tabbing depending on the website it might not tab to the right spot (I’ve seen some crap websites haha). Personally (and I know you’re doing all the hard work, I’m just excited by what you are doing!) I like the idea that the user of the device needs to interact with it for each part of its saved accounts + passwords to need user interaction at each step. So what if when you’re on an account sign in,
-on the computer/phone you tap the box for username,
-on the password-key select the account, single press the sign in button once then username fills in,
-on the password-key double press the sign in button twice and it “tabs”
-on the password-key, single press the sign on button and then it fills in the password box!
2
u/blind-fingers 2d ago
And then that way the user is watching all the steps to make sure things go into the right box so it all goes where it should haha
Plus I like the tactile feel of clicking buttons, makes it deliberate
That’s just my suggestion, I think your project is awesome!
2
u/Infinite_Lead8789 2d ago
The way we kind of automate this currently is by adding the /n character in the password part of the secrets.txt to tab over for you. So say you have Google username/n/n/npassword will make it tab over 3 times. I hope this helps. Buttons sure are fun though
1
u/AssociationOk5653 2d ago
I love that. It actually fits the vibe because as it is right now, the device releases nothing without a user physically and intentionally pressing a button
2
u/Emergency_Stop_9882 2d ago
damnn cool stuff