I made a hardware-based password manager that I keep on me with the 3-2-1 rule. (One on me, one at home, one in a remote location) It’s barely-secure, but the data is not accessible except when I’m updating it. It’s similar to the mooltipass but all the passwords are stored on eeprom.
Could the eeprom be hacked by someone and all my passwords probably read in cleartext? Yeah. How many fucking people actually know how to do that though? Virtually none.
Honestly, I’d love to just simply be able to afford a mooltipass though. :(
That’s a lot of trouble to go into to have questionable security. Though it’s admittedly really cool.
I guess this is only great if you have to use potentially compromised computers often, so you are risking leaking at most a single password at a time, but still…
Unlike a proper password manager this still has issues though; for one, saving in cleartext is just bad, reading EEPROMs is trivial, and (perhaps more importantly) unlike a normal password manager this doesn’t protect you against inputting data on a wrong (phished) domain.
I made a hardware-based password manager that I keep on me with the 3-2-1 rule. (One on me, one at home, one in a remote location) It’s barely-secure, but the data is not accessible except when I’m updating it. It’s similar to the mooltipass but all the passwords are stored on eeprom.
Could the eeprom be hacked by someone and all my passwords probably read in cleartext? Yeah. How many fucking people actually know how to do that though? Virtually none.
Honestly, I’d love to just simply be able to afford a mooltipass though. :(
This is what I based my personal one on: https://www.instructables.com/PasswordPump-Passwords-Manager/
And I usually generate the passwords with an online tool so that I’m never using the same password twice.
Why not keepass and its editors and just keep the vault file on a flash drive?
Exactly. Plus, if you’re a windows user, you can keep the portable version of KeePass on the drive as well.
Not OP but this is exactly what I do and it works great
Same. Keepass either on a flash drive or synced via syncthing.
That’s a lot of trouble to go into to have questionable security. Though it’s admittedly really cool.
I guess this is only great if you have to use potentially compromised computers often, so you are risking leaking at most a single password at a time, but still…
Unlike a proper password manager this still has issues though; for one, saving in cleartext is just bad, reading EEPROMs is trivial, and (perhaps more importantly) unlike a normal password manager this doesn’t protect you against inputting data on a wrong (phished) domain.