Password managers store your passwords in either an encrypted file or some other company's servers. But why store your passwords when you can just not store anything at all?
What is mindless?
mindless is a biometric password manager, meaning you use biometrics (in this case your face) to get passwords. However, unlike other password managers, mindless stores neither your face data nor your passwords.
Motivation
Pretty much every password manager works by storing passwords in some "secure location", and apparently by "secure location" they mean either your hard drive or some company's server with a bazillion other people's account information. Sure, there might be encryption, but all it takes is one mistake that gives someone access to an unencrypted copy of whatever file your password is stored in, and the cards all tumble down.
This is what mindless seeks to solve: Why store your passwords when you can just not? Even if someone malicious gets a hold of your computer, if your passwords weren't on there in the first place, what password is there to get?
Tying in biometrics
Typing is so 2020. We're in 2021, and people can stare at their phones to unlock them. So why can't we do the same with website logins?
In facial recognition, your face has what are called "landmarks": points on the face that are used to identify someone. Some experimentation showed that if you encode these landmarks, round the encoding, compare it to other encodings, and find the spots where the encodings are similar, you can take note of those spots and check them on other face encodings: if the faces are similar, then the spots should be similar too. Using this fact, we can generate passwords that are always the same for similar faces. Thus, instead of storing passwords or biometric data, we can store these special spots (called "lock numbers" in the program), and as long as a similar face encoding is presented, we can generate the same password.
Using biometrics, we could implement our desired system, where neither a password nor biometrics data is stored, but we are still able to generate the same passwords for the same face. And thus comes the birth of mindless, combining biometrics and password managers to create the ideal way of storing passwords.
This way, we can create a secure and hack-resistant password management system that is also as easy to use as scanning your face.
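The "lock numbers" idea described above, as an added sketch that is not mindless's own code: the one-decimal rounding, the SHA-256 derivation, the `site` parameter, the function names and the short sample encodings are all assumptions constructed for illustration.

```python
import hashlib

SCALE = 10  # assumption: keep one decimal place when rounding

def quantize(encoding):
    """Round each value to an integer bucket (avoids a -0.0 vs 0.0 split)."""
    return [round(x * SCALE) for x in encoding]

def enroll(samples):
    """Lock numbers: positions where every enrollment sample rounds alike."""
    rows = [quantize(s) for s in samples]
    return [i for i in range(len(rows[0]))
            if all(r[i] == rows[0][i] for r in rows)]

def derive_password(encoding, lock_numbers, site, length=16):
    """Hash the rounded values found at the lock numbers, bound to a site."""
    q = quantize(encoding)
    material = ",".join(f"{i}:{q[i]}" for i in lock_numbers)
    digest = hashlib.sha256(f"{site}|{material}".encode()).hexdigest()
    return digest[:length]

# Constructed 8-value encodings, kept short for readability.
ENROLL_A = [
    [0.12, -0.31, 0.449, 0.08, -0.22, 0.67, 0.051, -0.13],
    [0.14, -0.29, 0.452, 0.11, -0.18, 0.66, 0.048, -0.09],
]
LOGIN_A = [0.13, -0.33, 0.470, 0.09, -0.21, 0.69, 0.020, -0.12]  # same face
DRIFT_A = [0.16, -0.33, 0.470, 0.09, -0.21, 0.69, 0.020, -0.12]  # index 0 moved
OTHER_B = [0.31, -0.06, 0.460, 0.27, -0.40, 0.52, 0.030, 0.10]   # other face

if __name__ == "__main__":
    locks = enroll(ENROLL_A)  # the only value that would be stored
    ref = derive_password(ENROLL_A[0], locks, "example.com")
    print("lock numbers:", locks)
    for name, enc in [("login", LOGIN_A), ("drift", DRIFT_A), ("other", OTHER_B)]:
        same = derive_password(enc, locks, "example.com") == ref
        print(f"{name}: same password = {same}")
```

`DRIFT_A` is the failure mode to watch for: one value at a lock number crossing a rounding boundary yields a different password for the same face, so enrollment needs enough samples to leave only stable positions locked.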
Disclaimer
I should probably emphasize that this project is more of a proof of concept, as shoddy webcams aren't exactly what you should consider reliable... an IR camera should really be used in conjunction for this project to make sure a picture of your face doesn't somehow fool the program as well. There are also papers on using an iris scan in conjunction with Eigenfaces, but I neither know enough linear algebra for Eigenfaces, nor do I have the time or money to get an iris scanner, or an IR camera for that matter, shipped over to me in less than 36 hours, so that was completely infeasible. Although, yes, the project at this stage is completely usable, I wouldn't personally recommend using it as a daily driver, as relying on a crappy webcam alone is not always going to yield the best results.