Friday, 28 June 2013

Password Manager

Like many of us, I have a lot of online accounts: email, banks, forums, online stores, games etc. It would be ideal if I could use different password for each account. It would be also nice to use long and complex passwords, just in case. Also, sometimes you can't or simply don't want to use your email address as a user name and have to think of something else (and remember it!). Finally there is a case where you simply have to use user name and password specified by somebody else. I guess that it is not possible for most of us to remember so many user name and password sets. There is also another problem with long and complex passwords: it takes a while to type them, especially if you want to be extra careful not to make any typing mistakes.
To solve these problems we can use some kind of password manager application. I won't be getting into details here, because there are so many different solutions. Instead, I will just make a list of features that my ideal password manager application should have.

1) I want to be able to access my data at any moment.
2) I don't want to store my accounts data online.
3) I don't want to enter passwords manually, password manager should do that for me.
4) I want to be able to use my password manager on any machine/operating system.
5) There are some cases when I can't/don't want to install any software on a machine I use at given moment.

...so as a result:

1) Account data should be accessible form my smartphone, because I usually have it with me.
2) Data should be stored locally (of course with possibility to make a backup).
3) Password manager must have some way of controlling or accessing a machine that I use at the moment.
4) It must support many different operating systems.
5) Password manager should be able to input data using the same way as a user does.

InputStick allows to solve many password related problem by allowing to type passwords for you (also user name, direct URL to login page etc). What is most important is the fact that as a generic USB keyboard it will work with any USB host/operating system and does not require any additional software or drivers. Also no Internet connection is required since everything is stored locally, on your Android device.

Now let's take a look at my implementation. At this moment application is still in very early phase, but it already provides most important functionality: storing account data, displaying it or using InputStick to type it for you. Let's start with a video:


Login Screen
I guess it is pretty much obvious that any password manager should have master password to protect stored data. Since application is still in development, at this moment master password is set to null.


Main Activity (Item List)
Here you can select item from the list, add new item or connect to/disconnect InputStick.


Item details.
Here you can see list of elements associated with an item. At this time list of possible elements include: element name, URL, user name and password. There are also additional buttons that allow you to easily navigate between text fields (using Tab and Shift+Tab combinations) and press Enter key.


Element action.
For each element you can choose to display its value, type using InputStick or copy to clipboard.


Edit item
This activity allows to add or edit an item. You can specify value for each of elements: item name, URL, user name, password, item type. You can also check the checkbox to automatically include Enter after typing password.


Settings

If you mostly use "Type" action, you can check "Connect automatically" option so you don't have to manually initiate connection to InputStcik. Application can also detect state of Caps Lock and basing on that choose to type in upper/lower case.

So as you can see at this time application provides only basic functionality, still I think that it is a great demo showing one of many possible usages for InputStick.

2 comments:

  1. Awesome. Seriously. This is exactly why I'm interested in InputStick too - it's the only logical way to do _really secure_ password management.

    By the way, it might make sense to have an option (per-item, like the "enter" one) to auto-type _both_ the username and the password, with a TAB between them - I'd expect that most login forms move to the next field correctly on a TAB keypress...

    ReplyDelete
    Replies
    1. That is one of things form my todo list. I also think about including option to type only selected characters (for example: 1st, 3rd and 10th), since some sites (usually banks) use this method. Another useful feature would be intercepting one time passwords sent by SMS and typing them. Typing 6 digits manually is not a big deal, but sometimes they use more digits or even alphanumerical OTPs.

      Delete