Currently, 2-step verification leaves much to be desired and is not nearly ubiquitous enough. We always have our phones at arm's length, so why not use them to identify ourselves online?

What it does

Sesame allows users to securely store email/username and password combinations in the cloud. Upon visiting a site, the Chrome extension sends an authentication request to the mobile device, where a fingerprint is enough to complete the sign-in.

How we built it

Mobile application

  • Built in JavaScript using Cordova
  • Cross-platform
  • Uses to communicate with the server

Chrome extension

  • Fully-featured password manager
  • Also written in JS

Web server backend

  • Node.js environment
  • CouchDB storage

Challenges we ran into

  • Sleep
  • Creating a system where API calls are authenticated before they are resolved

Accomplishments that we're proud of

  • Finishing
  • iOS keychain storage & fingerprint scanning
  • Usability of the Chrome extension
  • The speed of the entire process of authenticating using a mobile device

What we learned

  • How to write a Chrome extension
  • Cordova
  • Saving part of a hashed key to verify that the PIN is correct, and using the other part to encrypt the data
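
The split-key idea in the last item, sketched as an added example (this is not Sesame's code). It assumes scrypt as the hash and AES-256-GCM as the cipher; the function names, cost parameters and sample values are hypothetical.

```javascript
// Added example, not Sesame's code. scrypt and AES-256-GCM are assumed choices.
const nodeCrypto = require('node:crypto');

// Assumed scrypt cost; a short PIN needs the KDF to be as slow as the UX allows.
const KDF = { N: 16384, r: 8, p: 1 };

// Stretch the PIN into 64 bytes, then split: one half is stored to check the
// PIN, the other half is the encryption key and is never stored.
function deriveHalves(pin, salt) {
  const okm = nodeCrypto.scryptSync(pin, salt, 64, KDF);
  return { verifier: okm.subarray(0, 32), encKey: okm.subarray(32) };
}

// Encrypt a credential under the PIN and return the record that gets persisted.
function enroll(pin, plaintext) {
  const salt = nodeCrypto.randomBytes(16); // per-record salt
  const { verifier, encKey } = deriveHalves(pin, salt);
  const iv = nodeCrypto.randomBytes(12); // fresh GCM nonce per encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, verifier, iv, ct, tag: cipher.getAuthTag() };
}

// Return the plaintext, or null when the PIN does not match the stored half.
function unlock(pin, record) {
  const { verifier, encKey } = deriveHalves(pin, record.salt);
  // Constant-time comparison of the stored half against the re-derived half.
  if (!nodeCrypto.timingSafeEqual(verifier, record.verifier)) return null;
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', encKey, record.iv);
  decipher.setAuthTag(record.tag); // GCM tag rejects a tampered ciphertext
  return Buffer.concat([decipher.update(record.ct), decipher.final()]).toString('utf8');
}

// Constructed sample credential and PIN.
const record = enroll('4821', 'alice@example.com:correct horse battery');
console.log(unlock('4821', record));
console.log(unlock('0000', record));
```

The stored half lets anyone who obtains the record test PIN guesses offline, so with a short PIN the KDF cost and the protection of the record itself (for instance the keychain storage mentioned above) carry most of the security.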

What's next for Sesame

  • API that allows web services to use Sesame as the primary form of authentication.
  • Native push notifications
  • Link multiple devices to an account