A Secure Password Manager
What is a Password Manager?
A password manager is a secure vault or encrypted store that holds your passwords and other confidential data. Its advantage is that the user has to remember only a single master password instead of a separate password for each account.
Why is it important?
The Internet has grown exponentially over the past decade, and as a consequence, the amount of data generated is increasing day by day. Online services are growing, and users create online accounts to keep those services personalized and organised. Over the past few years, incidents of data breaches have surfaced on the Internet, and there are some which are not even public knowledge. Account passwords and personal information leaked in these breaches are then misused or sold on the Internet. Cracking hashed passwords is not too difficult if the passwords are among commonly used ones. A Google / Harris Poll conducted in February 2019 concluded that 52% of people use the same password for multiple accounts. Hence, if even one of those accounts is compromised, all of them are consequently compromised.
How is this Password Manager different?
Password managers typically operate in either an offline or an online manner. Both approaches suffer from their own set of problems. The offline version requires that the file containing the encrypted passwords be carried everywhere, syncing that file across many devices takes additional effort from the user, and if the file is lost, so are the passwords. The online version solves the sync and file-loss problems, but it adds the requirement of an active Internet connection, alongside the possibility of a security breach. To avoid both sets of problems, our offline password manager does not store passwords anywhere. The passwords are not even stored on the user's device; they are generated on the fly by the algorithm from the master password.
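The on-the-fly derivation described above can be illustrated with Node's built-in `crypto.scryptSync`. This is an added example, not the project's own algorithm; the salt layout, scrypt cost parameters, character set and the names `buildSalt` and `derivePassword` are assumptions.

```javascript
// Added example: not the project's code. Names and parameters are assumptions.
const { scryptSync } = require('crypto');

// Assumed output alphabet (65 symbols, look-alike characters removed).
const CHARSET =
  'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%^&*';

// Length-prefix every field so ("ab","c") and ("a","bc") give different salts.
function buildSalt(site, login, counter) {
  return Buffer.from(
    [site.trim().toLowerCase(), login, String(counter)]
      .map((field) => `${Buffer.byteLength(field)}:${field}`)
      .join('|'),
    'utf8'
  );
}

function derivePassword(master, site, login, counter = 1, length = 20) {
  if (!master) throw new Error('master password must not be empty');
  // scrypt makes each master-password guess cost about 32 MiB of memory.
  // N=2^15, r=8 needs 32 MiB, which sits at Node's default maxmem, so raise it.
  const bytes = scryptSync(
    master.normalize('NFKC'),
    buildSalt(site, login, counter),
    length * 4, // surplus bytes, because rejection sampling discards some
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 }
  );
  // Rejection sampling: drop bytes >= limit so `byte % 65` is not biased.
  const limit = 256 - (256 % CHARSET.length);
  let password = '';
  for (const byte of bytes) {
    if (byte >= limit) continue;
    password += CHARSET[byte % CHARSET.length];
    if (password.length === length) return password;
  }
  throw new Error('ran out of derived bytes; request a shorter password');
}

// Constructed sample inputs: the same inputs always yield the same password,
// so nothing needs to be written to disk or synced.
console.log(derivePassword('correct horse battery staple', 'example.com', 'alice'));
```

In a scheme like this the counter is the only way to rotate one site's password without changing the master password, so it has to be remembered or recorded alongside the site name.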
Building and Running the Project
On Debian-based distributions, use apt to install node-gyp, a dependency required by the Scrypt module.
pwm@node$ sudo apt install node-gyp
Alternatively, it can be installed using npm with sudo permissions.
pwm@node$ sudo npm install -g node-gyp
Finally, clone the project and install the NPM dependencies.
pwm@node$ git clone https://github.com/chaitanyarahalkar/password-manager
pwm@node$ cd password-manager
pwm@node$ npm install
pwm@node$ npm start
Read the Paper
We wrote a research paper about it! Check it here
Contributions, issues and feature requests are welcome!
Feel free to check the issues page.
Show your support