New PasswordPump2.0 Ensures You Never Forget a Password
Using the same password on different platforms can be a security risk, but remembering different passwords, used for different accounts, can be quite the task too especially with the need to infuse special characters and numbers, and the fact that you may not use some of the passwords regularly enough for them to become easy to remember. To help keep track of all these, Dan Murphy has designed a USB- based device that is capable of storing up to 250 sets of credentials, that are encrypted with AES-256 encryption, which makes gaining access to the credentials nearly impossible.
The new device called, PasswordPump 2.0, removes the need to store your credentials in the cloud or on a file where an attack could easily leave you exposed.
It is based on the Adafruit ItsyBitsy M4 and includes; a pair of removable EEPROM chips, an I2C OLED display (128 x 32), and a rotary encoder, all stacked on a custom PCB. The credentials are stored on the first EEPROM chip and backed up on the secondary for added security.
The device allows users to enter their credentials using several methods, including; the rotary encoder, the keyboard, via the serial terminal, or via the PasswordPump Python-based GUI, which was explicitly developed for this purpose.
The PasswordPump 2.0 offers a myriad of features, which are as provided by Murphy:
- Store up to 250 sets of credentials
- Authenticate with a 15 character master password
- Search for accounts
- Data entry via rotary encoder or keyboard and serial monitor, or via client Python GUI running in Windows, Ubuntu, or MacOS.
- Send username and password as if typed in via keyboard. Can also send URL, old password and account name.
- Add account name, username, password (generated or not), URL, old password
- Accounts added in alphabetical order
- Edit existing username, password, URL, style (inter-username/password character, Return or Tab), old password
- Automatically saves old password if it’s not already populated
- Delete account
- Generate 31 characters’ random password from the PasswordPump or via the client GUI.
- Backup all accounts to a second encrypted external EEprom
- Logout / de-authenticate via the menu, automatically locks the computer
- Factory reset via menu (when authenticated) wipes out all credentials
- Configurable password display on or off
- Configurable failed login count factory reset (3, 5, 10 or 25)
- Configurable automatic logout after a count of minutes (30, 60, 90, 120, 240, 1 or Never)
- Configurable RGB LED intensity (high, medium, low or off)
- All passwords (except the master password) are encrypted w/ AES-256; the master password is hashed w/ SHA-256.
- All encrypted accounts and the hashed master password are salted
- Change master password
- Export to PasswordPump formatted CSV file
- Import from PasswordPump formatted CSV file
- Import credentials from Chrome export
- Import credentials from KeePass export
- Associate credentials with groups for better organization; search by group (Favorites, Work, Personal, Home, School, Financial, Mail or Custom)
- Decoy password feature that automatically factory resets the device if entered (e.g. while the user is under duress)
- Pre-auto-logout indicator/countdown via red and blue flashing RGB LED.
The device’s design is open source and a detailed guide on building the device with schematics, and code along with a complete BOM is available on Murphy’s Website. He also has the device for sale on Tindie for those who will rather just buy it. It goes for $35 plus $10 for shipping.