Inspiration π‘
We all visit hundreds of websites in a day. The purpose varies from leisure activities like chatting with our friends, and watching some short videos, to serious activities like logging into the online bank website. But it leads you to memorize tonnes of passwords! And it's becoming increasingly challenging to manage them.
There are many password managers out there, but all require you to install many OS-related dependencies, or they are cloud-based products. And seriously, we shouldn't put critical credentials like bank passwords, Credit Card pins etc. in there. There are many instances where these online password managers got hacked!
What it does π€
Introducing WhereAreMyPasswords?! It's a 100% offline browser-based progressive web app to store your passwords and secure notes.
Although online password managers aren't very safe, an offline password manager can help keep our passwords safe, secure, and offer outstanding convenience. Now we don't need to worry about the security of password managers as it always stays on our machine.
Modern password managers are overcomplicated. We aim to make a simple, secure, and user-friendly password manager that is accessible to everyone.
We've built this app on top of the most used loved application (i.e. browser π»). It's offline, secure, blazing fast, and provides top-of-the-line security with local password and login saves.
How we built it βοΈ
Our aim is offline first, so we used the most loved frontend framework Nextjs to build a progressive web app (aka PWA).
Our app uses state-of-the-art AES encryption to store the passwords encrypted in the browser. It's near to impossible to crack the cypher with a strong key!
We tried to make the app as convenient as possible for the user. One of the ways we did this was by integrating an email client powered by Twilio. This way, the user can easily share credentials with anyone with just one click. Please note that encryption is done on the browser and then sent to our servers. It ensures that the credentials never get stolen!
Sometimes you would want to take a manual backup of the vault. That's very easy, and with a few clicks, you can create one. You can also import a vault easily. While importing, weβre using an intelligent merge algorithm to remove duplicate entries, so you don't need to manually do it! Another way in which this app provides a sublime experience.
Please note that we currently only support encrypted backups for your safety!
We have configured the CDN to put a cache maxAge headers of 1 hour (for now). It allows users to use the application even if they are offline. PS: We shall increase it to 1 day+ once the website is stable.
Challenges we ran into π€
- Working with encryption and also ensuring that our global state (in react) always remains in sync was a bit challenging.
- We faced a lot of issues while getting a domain from domain.com. We tried with three accounts and three different payment methods, yet could not buy the domain. π There seems to be some issue with payment verification; we're hoping to have the domain WhereAreMyPasswords.tech very soon after verification.
Design π¨
We were heavily inspired by the revised version of Double Diamond design process, which not only includes visual design, but a full-fledged research cycle in which you must discover and define your problem before tackling your solution & then finally deploy it.
- Discover: a deep dive into the problem we are trying to solve.
- Define: synthesizing the information from the discovery phase into a problem definition.
- Develop: think up solutions to the problem.
- Deliver: pick the best solution and build that.
Moreover, we utilized design tools like Figma, Photoshop & Illustrator to prototype our designs before doing any coding. Through this, we are able to get iterative feedback so that we spend less time re-writing code.
Research π
Research is the key to empathizing with users: we found our specific user group early and that paves the way for our whole project. Here are a few of the resources that were helpful to us β
- https://password-managers.bestreviews.net/faq/which-password-managers-have-been-hacked/
- https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
- https://arxiv.org/pdf/2009.03062.pdf
- https://arxiv.org/pdf/1805.05033.pdf
- https://arxiv.org/pdf/1708.09333.pdf
- https://www.pearsonitcertification.com/articles/article.aspx?p=2952620&seqNum=2
- https://www.acunetix.com/blog/web-security-zone/common-password-vulnerabilities/
Accomplishments that we're proud of β¨
- We initially aimed not to participate in the hackathon and instead use the weekends to recharge ourselves for the next week! But later, we both agreed and started discussing the ideas. It took a lot of time to come up with this impactful idea, which has the potential to help many! We are really proud of it.
- Also, pulling off this hackathon with just two members is something we're very proud of. π
What we learned π
Working on encryption, hashing, etc. And managing the time and communicating effectively! These things are some things which we learnt during this hack!
What's next for wherearemypasswords π
We plan to use WebRTC to perform peer-to-peer on-demand sync between vaults in different machines. Since the data remains in-network only for a small duration and is always in an encrypted format, the chances of any malicious actor gaining access to it are very low. It will very much improve the user experience.
Note β οΈ β API credentials have been revoked. If you want to run the same on your local, use your own credentials.
Built With
- azure
- crypto-js
- domain.com
- nextjs
- tailwind
- twilio
- typescript
- vercel
Log in or sign up for Devpost to join the conversation.