Inspiration

Password management can be a huge hassle. Sure, people say you're "supposed" to use a different password for every site, but how are you going to remember a unique password for every site? Are you gonna write them down? If you do that and then lose that piece of paper, your passwords are all gone and there's a chance all of your accounts are compromised. What about one of those fancy password managers like 1pass, Dashlane, or LastPass? Well, first off, they're not completely free, and secondly, with data breaches becoming more and more common, what happens if one of those companies gets compromised? Storing things on a centralized server means that you don't have complete control of your own data, so who knows what can happen.

With all of that in mind we decided to create a password manager that

  • Doesn't store any password data. At all.

  • Is completely free and open-source

  • Is as secure as possible from end-to-end

  • And is (most importantly) convenient for the end user

What it does

There are two components to PrintN'Pass: the mobile app and the browser extension.

Mobile App

1) User chooses to send username credentials to browser (optional)

2) Android app asks for biometric identification and once approved generates a constant and unique master password using SHA-256. This password is never saved anywhere.

3) The master password is encrypted to prevent traffic sniffing

4) The encrypted master password and the username corresponding to the website are sent to a webserver

Browser Side

1) The browser receives a notification from the webserver indicating that a login request has been made

2) The browser fetches the encrypted master password and username. The 'encrypted master password' is then decrypted.

3) Browser gets the current website in focus and extracts its domain name from the URL.

4) Browser hashes the master password with the domain name to create a unique password for each website.

5) The username and password fields on the webpage are filled in and the user can now log in

Note that no databases are used and nothing is ever stored on the client or server. Everything is automatically generated when needed.

How we built it

Node.js & express.js - used to create a simple webserver that bridges the connection between the mobile app and browser

Google Cloud Platform - used to host the webserver because who wants to keep their computer running all the time

Android SDK - used to develop the mobile app

Chrome Web Extension API - used to add TouchN'Pass functionality to the browser

Challenges we ran into

  • We originally did not want to have a webserver since that would be another moving part in what we wanted to be a very simple service. However, we eventually settled on creating one since it would improve user experience.

  • We originally intended to use Firebase Cloud Messaging to send notifications across platforms. However, due to lack of documentation on using Firebase with the Chrome Extension API, we decided to pivot and use a standard Node.js webserver.

  • Every website has different identifiers for their username and password fields. We wanted the fields to be filled in automatically, so some hacky workarounds were needed to actually identify these fields.

Accomplishments that we're proud of

  • Successfully created a structurally complex and secure Android app (i.e., integrating fingerprint unlock, dynamically generating password data, etc.)

  • Implementing end-to-end encryption for the sensitive data sent from the mobile device to the browser

  • Not having to store any password data anywhere.

  • Creating a flexible password management system that works for any website or login form.

  • Creating a streamlined user experience that just about anyone can pick up and use.

  • This project since it's something that we'd like to use in our daily lives.

What we learned

Andros

  • Firebase is cool but kinda hard to use in some cases

  • Chrome's Extension API is weirdly complex but powerful.

  • Those cookies had a lot of caffeine

Arden

  • Google Cloud Platform is surprisingly simple to use

  • How to detach a process from terminal so closing ssh doesn't kill it

Michael

  • How to implement fingerprint authentication in an Android app

  • How to write and view logs with Logcat

  • Giving everyone access to the master branch on GitHub can be hectic, even counterproductive, at times

Eric

  • How to output to and input from a file from an Android app

  • How Android RecyclerViews work

  • How to completely mess up a git repository

What's next for PrintN'Pass

As we mentioned earlier, we did not want to include a webserver in our service. However, after the last 36 hrs, we think it's definitely possible to redo this project without using a webserver and without sacrificing too much of the user experience in exchange. It would also be possible to rewrite the Chrome extension as a native desktop app so the password manager could also work with apps like Steam or Discord.
