A secure, open-source password manager browser extension that generates and stores strong passwords with quantum-enhanced entropy, protecting your digital identity with modern cryptography.
CryptMyPassword solves the problem of password management and secure generation. It provides:
- Automatic Password Generation: Create cryptographically secure passwords using quantum-enhanced entropy
- Transparent Storage: Securely store passwords for websites you visit without manual intervention
- HIBP Integration: Check if your passwords have been compromised in known data breaches
- Device Synchronization: Sync passwords across multiple devices safely
- Zero-Knowledge Architecture: Your passwords are encrypted and stored securely; the extension never transmits unencrypted credentials
β¨ Core Features
- Secure Password Generation: Quantum-enhanced entropy for maximum security
- Auto-Save: Automatically save passwords when you register/login on websites
- Breach Detection: Check passwords against HIBP (Have I Been Pwned) database
- Multi-Device Sync: Synchronize passwords securely across your devices
- Smart Detection: Automatically detects password fields and registration forms
- Show/Hide Toggle: Easily view or hide passwords when needed
- One-Click Copy: Quickly copy passwords to clipboard
- Easy Management: Delete passwords you no longer need
π§ Technical Features
- FastAPI backend with MongoDB storage
- Docker containerization for easy deployment and development
- Quantum randomness integration for enhanced entropy
Available in upcoming releases
Prerequisites
- Docker
- Android Studio (for mobile development)
- python3
Mobile setup
- Clone the repository
- Open the project in Android Studio
- Launch the app on a connected device or emulator
Backend Setup
# Clone repository
git clone https://github.com/noa-rpache/CryptMyPassword.git
cd server
cp .env.example .env # Modify the values as needed
# Create a virtual environment
python3 -m venv <nombre-env>
source <nombre-env>/bin/activate # Linux
<nombre-env>\Scripts\activate # Windows
pip install -r requirements.txt # Install dependencies
# Launch FastAPI server
python -m fastapi dev main.py --host 0.0.0.0 --port 8000
# Launch MongoDB
docker-compose upExtension Setup
# Load in Firefox
# 1. Navigate to about:debugging#/runtime/this-firefox
# 2. Click "Load Temporary Add-on"
# 3. Select manifest.json in the browser/ folder
# Load in Chrome
# 1. Navigate to chrome://extensions/
# 2. Enable "Developer mode"
# 3. Click "Load unpacked"
# 4. Select the browser/ folder- Visit any website with a registration form
- Click the "Generar contraseΓ±a segura" button in the extension popup
- Complete the registration and submit the form
- Your password is automatically saved
- Visit a website you've registered on before
- Click "Usar contraseΓ±a guardada" if available
- Your saved password is filled in automatically
- Click the extension icon in your browser toolbar
- View all saved passwords with domain, username, and encrypted password
- Check for breaches with the "Verificar contraseΓ±as" button
- Delete passwords with the ποΈ button
- Copy passwords with the π button
- Toggle visibility with the ποΈ button
- Click the "Verificar contraseΓ±as" button in the dashboard
- The extension checks each password against HIBP
- Breached passwords are highlighted in red with breach count
POST /password # Generate a new password
GET /password # Get all stored passwords
GET /password/{domain} # Get password for specific domain
POST /password/save # Save a password
DELETE /password/{domain} # Delete a password
GET /audit # Check all passwords against HIBP
GET /synchronise # Get linked devices
POST /synchronise # Link a new device
Add an API_KEY to both server and browser .env files.
CryptMyPassword/
βββ browser/ # WebExtension and dashboard
βββ server/ # FastAPI Backend
β βββ main.py # API routes
β βββ requirements.txt # Python dependencies
β βββ dockerfile # Docker configuration
β βββ docker-compose.yml # Docker composition
β βββ ... # Initialization scripts
βββ mobile_app/ # Mobile app
βββ docs/ # Documentation
Communication Flow
- Content Script detects password fields on web pages
- Browser Extension shows UI for password generation/saving
- Background Worker communicates with FastAPI backend
- Backend API manages MongoDB storage and HIBP checks
- Database securely stores encrypted credentials
We welcome contributions! See CONTRIBUTING.md for detailed guidelines on:
- Setting up your development environment
- Code standards and style guide
- Running tests
- Submitting pull requests
- Commit message conventions
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Test your changes
- Commit with conventional commits
- Push to your branch
- Open a Pull Request
This project is licensed under the MIT License - see LICENSE file for details.
- π Documentation: See the docs/ folder for detailed explanations about how it works.
- π Bug Reports: GitHub Issues
- π¬ Discussions: GitHub Discussions
- User installation
- Internationalization (i18n)
- Improve form fields detection
- Follow development on GitHub
- Join discussions and share feedback
- Report bugs and request features
- Contribute code, docs, or translations
- For the extension icon: https://www.flaticon.com/free-icon/password_4543404