• Remember passwords is a pain
  • Using password vaults is a pain
  • Security is a pain

So why not create a passwordless authentication system that doesn't require you to remember anything?

What it does?

SmashPass is a passwordless Identity Provider that uses machine learning to create a model of your characteristic smashing patterns. We use the model to authenticate you, and only you, every single time.

(W.I.P.) To add an extra layer of security we have you specify a memorable location when you register. Then, after you've logged in with a smash we show you a reCaptcha style window with 9 images from Google Street View, one of which is from within 100m of your memorable location.

How it works?

Machine Learning

Primož and Cherry modified a neural network that Primož use to classify the gender of Slovenian nouns to be able to take inputs of a fixed length (25 characters) to create a model for each user.


Aaron built the website in React with Redux, Firebase, and Material-UI, ensuring that it's good looking, easy to use, and performs well.

(W.I.P.) Second Factor Image Auth

Holly used Python and various Google and other Geolocation APIs to used the string provided by a user to generate bot the random images, and the correct one in a way that is not too difficult for the user.


The machine learning and associated express.js web server is on a 8vCPU Google Cloud Platform Compute Engine VM Instance

The front end is built using React and Firebase with Cloud Firestore, and is hosted on with Firebase hosting.

The second-factor authentication flow is built in Python and uses Flask with the Google Cloud Functions.

What's next for SmashPass

  1. Implement Second Factor Image Auth
  2. Implement a way for other developers to use smash as an OAUTH Provider
Share this project: