The past month I have spent time developing a little desktop application for safe guarding web account details. This application helps in maintaining a well organized database of secret account information and free text notes, in an ordered and easy to find manner.
What makes it so safe?
This application installs on your local desktop, so the information you type into it never leaves your computer. This application encrypts everything you put into it using a high, U.S. government approved standard called AES-128 (Advanced Encryption Standard). This application uses the password you provide as part of the encryption key ensuring no one else can breach the critical information you have, unless he has your password. It’s important to remember that nothing is 100% safe, but it helps not to be the easiest pray.
This beta release includes:
· An encrypted database, using AES-128
· Managing records for web accounts, mail accounts, software registration and general notes
· Managing categories for organizing the records (including custom categories)
The next release (not a beta) will include:
· File attachments (you will be able to drag in and out files and the system will encrypt/decrypt them accordingly)
· Backups (you would be able to have temporal backups and retrieve data in case the computer got corrupted, all backups are fully protected)
· Any cool feature I get from people using it (email me for special requests: giladmanor@yahoo.com)
Installing the Protect Your Passwords! application
The installation process is very simple; and it works for all major Operating systems (i.e. windows, Mac and Linux) just follow the instructions on the badge:
To intsall this application please follow these two steps
1. Install Adobe Air
2. Download and run Protect Your Password
1. Install Adobe Air
2. Download and run Protect Your Password
Or download directly and run installation manually.
After installing you will find the following icon on your desktop:
Double click it, to run the application. After consenting on the disclaimer, you will be asked to enter your master password in a screen shown in figure 1
Figure 1: Master Password Creation.
The master password is the one password you will need to remember from now on, and better not forget. The master password is used as the key for the encryption of the file containing all the vital data. This means that the encryption is unique to you. The master password registration screen requires you to enter a password of a certain minimum length. While typing your master password the password strength indicator will let you know who safe your password is.
Using the application
Once the master password is entered, the next time you open this application you will be asked to enter your master password in order to unlock the application, see figure 2.
Figure 2: the login screen
Failing to provide the correct password for over 4 times locks the application, as displayed in figure 3. The reason for this is to make life harder for hackers using automation software to try and guess your password.
Figure 3: a locked application, no further attempts are allowed until the application is restarted
Important note: If you forget your master password, there is no way to retrieve the data, not even me, since I will have to have the correct password to decrypt the database.
After logging in, the application dashboard is opened up, where you have shortcuts to all the important features of the application, as displayed in figure 4.
Figure 4: the application dashboard
From the dashboard you can:
· Search for a protected record, the search is either by a search phrase or by category
· Create a new record
· Create your own categories, delete existing categories (deleting a category doesn’t delete the records that were related to it)
· Change your master password
Not yet in this version: the settings screen for advanced configuration
Searching for Records:
To find a record you are looking for, you may either click on the category it belongs to, or click the search records button. This will move you to the search screen displayed in figure 7.
The new record button will move you to the details screen for entering a new record, displayed in figure 6
The new category button will open up a popup for entering a label for a new category as shown in the following figure 5
Figure 5: creating a custom category
Removing an existing category envolves right clicking on the category you would like to remove and selecting “delete”.
Clicking the change master password button on the dashboard directs you to the master password screen as displayed in figure 1. Failing to complete this form will leave you with the previous password.
Creating a new record is done by the new record screen depicted in figure 6
Figure 6: creating a new record
The record form is structured from two input arias, once for standard details, as displayed in figure 6, and the other is for free text notes, which is accessible by clicking on the “Notes” bar in the bottom of the details screen.
Note that when entering a new account, the details form allows you to create a random password to use on the web account. Since you don’t have to remember the special password, it’s easier to have web accounts that are even more secure. Choose the length of password you would like to have and click on the “Generate” button to render a unique password.
For convenience, you can put the web address (URL) of the site for the web account. This is saved for later quick access but is not mandatory.
The tags have no significant use for now, but in later releases, I intend to have advanced searched and categorization according to these tags, so it might be useful to start tagging your information.
Exiting the application or this screen without clicking on the save button; will result in loss of the changes.
The search screen, as shown in figure 7 allows you to look for a particular record of information either by selecting a category, or by a search phase, or a combination of both.
Figure 7: the search screen
Once you found the record you were looking for, there are several functionality shortcuts you can access on the record display:
· Navigate to the web account site by clicking the label. This feature is available only if you entered a valid URL in the link filed on the details form, as shown in figure 6. If you left the field empty, then clicking on the label will open the record for editing
· Copy USER NAME to clipboard, this is available to you only if you put the user in the user field in the details form
· Copy PASSWORD to clipboard, this is available to you only if you put the user in the password field in the details form.
· The little x button is for deleting the record
· The little pencil button is for opening the record for editing
Clicking on any of the category icons on the side will automatically change the search result to include the selected category.
That’s it for now, please remember that I welcome any suggestion warmly, feel free to send your suggestions to my mail at: giladmanor@yahoo.com or by posting it as a response on this blog.
"U.S. government approved standard called AES-128"
ReplyDeleteOh... OK... then we know there's a backdoor!
The US government actually uses this standard for their own encryption purposes.
ReplyDeleteread: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
The AES-128 is open source, so you are welcome to try and find the proverbial backdoor at your leisure.
is there a mac version, ipod, ipad, or iphone versions?
ReplyDeleteThe Adobe AIR runtime is good for Windows, Linux and Mac OS. not runnable on ipad/pod/phone.
ReplyDelete