Gál Péter for Wault

Wault: The future of password managers

Password managers are becoming more common these days as we are using an increasing number of sites each day. I have used several password managers for about 4 years, but I've never found the one that fits me. Every one of them had some major flaw: it felt outdated or it was too expensive. Then it hit me... why shouldn't I create the next Facebook of password storage?

What were the main goals of the project?

1. The app must have a generous free tier. I wanted a personal plan, where you can store your passwords safely across multiple devices without hassle.

2. The app must feel new and responsive. When I used LastPass and Bitwarden I felt like I was using a slightly outdated piece of software. I think the best and easiest way to achieve this is by

3. Be open-source. I think this one is obvious. If you make an application open source, then it means that there is nothing to hide.

How can this app compete? What can it give to users, that other managers can't?

1. The password manager without passwords. The most common security threat for an application is user exploitation. An attacker can easily create a clone of the original website and start phishing for passwords. But when there is no password, they don't have a way to gain access to a user's account.

2. Free for the people, paid for organizations. I have been using WinRAR and I love the idea behind it. My take on this idea is to give the free plan the ability to create 2-person teams (I haven't seen any other password manager do this), and when you want to add more users, you must pay for the excess number of people.

3. The ability to store crypto wallets. I must admit: the crypto hype train got me too, but when you consider it, then it will look like a good idea. You can store crypto wallets in the application, check your balance, send and receive money. It is easy to implement and also it is unique for this application.

4. Rich customization for secure notes. I have been using Google Keep through my entire high school years, so I got used to it. But when I want to write a note in my Bitwarden Vault, I cannot format my text, nor can I create a checklist, so it is not convenient enough for everyday use.

5. Zero tracking. A password manager must be a private space. You don't want to be tracked when you are managing confidential information.

Want to help?

The project is still in a very early stage of development (as the application is only good enough to log in on the web interface), but any contribution is welcome.

GitHub organization: github.com/wault-app
Discord: discord.gg/NxhdAf4azz

Latest comments (8)

Patrick-DS

What about authentication methods when you don't have a password? I know phones are usually secured with PINs/Face ID/thumb presses, but what about laptops? My macOS has a thumb reader but not all computers do. So you end up falling back to a good old password... Because authenticating the device is not enough, anybody can grab the device while it's open. The user needs to tell the device who they are. Doesn't that end up competing with LastPass, 1Password, BitWarden...?

I'm a bit confused as to where you're going with this, but you definitely seem to have given it a lot of thought :) I also thought, to make all this content a bit more digestible, maybe some simple draw.io diagrams could help (you too) to read them?

Best wishes!

Celinay

How can you maintain security when users don’t have passwords?

Gál Péter

When you create a new safe, you generate a random key that is stored on your phone. It is used to encrypt/decrypt your data via AES.

When it comes to sending this key to other devices, we use RSA to obfuscate these keys with a public key, then they decrypt it on the user's device with the private key.

I will make a post with more details soon.
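
The key flow described in this reply, sketched as an added example for Node.js (it is not Wault's code or the commenter's). The reply only says "AES" and "RSA", so AES-256-GCM, RSA-OAEP with SHA-256, the 2048-bit key size and all function names here are assumptions.

```javascript
// Added example. Assumptions: AES-256-GCM for safe data, RSA-OAEP (SHA-256)
// for moving the safe key between devices. All names are hypothetical.
const {
  randomBytes, createCipheriv, createDecipheriv,
  generateKeyPairSync, publicEncrypt, privateDecrypt, constants,
} = require("node:crypto");

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Encrypt one item with the safe key; GCM adds an integrity tag.
function encryptItem(safeKey, plaintext) {
  const iv = randomBytes(12); // fresh 96-bit nonce per item, never reused with a key
  const cipher = createCipheriv("aes-256-gcm", safeKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt one item; final() throws if the ciphertext or tag was modified.
function decryptItem(safeKey, { iv, ct, tag }) {
  const decipher = createDecipheriv("aes-256-gcm", safeKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Existing device: wrap the safe key for the new device's public key.
function wrapSafeKey(safeKey, devicePublicKey) {
  return publicEncrypt({ key: devicePublicKey, ...OAEP }, safeKey);
}

// New device: recover the safe key with a private key that never leaves it.
function unwrapSafeKey(wrapped, devicePrivateKey) {
  return privateDecrypt({ key: devicePrivateKey, ...OAEP }, wrapped);
}

// Constructed walk-through: phone creates a safe, laptop is added later.
function demo() {
  const safeKey = randomBytes(32); // generated once, when the safe is created
  const item = encryptItem(safeKey, "example.com / hunter2 (constructed sample)");
  const laptop = generateKeyPairSync("rsa", { modulusLength: 2048 });
  const wrapped = wrapSafeKey(safeKey, laptop.publicKey); // all a relay would see
  const recovered = unwrapSafeKey(wrapped, laptop.privateKey);
  const plaintext = decryptItem(recovered, item);
  item.ct[0] ^= 1; // simulate a modified ciphertext
  let tamperDetected = false;
  try { decryptItem(recovered, item); } catch { tamperDetected = true; }
  return { plaintext, keysMatch: recovered.equals(safeKey), wrappedLen: wrapped.length, tamperDetected };
}

console.log(demo());
```

The wrap protects the safe key only if the new device's public key is authenticated, for example by comparing a fingerprint on both devices; otherwise whoever relays the public key could substitute their own and receive the safe key.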

beastob

That's great security wise, but it's not going to be user-friendly for non-technical users having to deal with the private key.

Gál Péter

The user does not have to deal with any of the private keys/passwords - that's the point of the whole project.

If you are interested in a more in depth article about it, I've just posted one.

dev.to/wault/encryption-without-pa...

beastob

Thanks for the reply. I had a first glance at the article and it's a little complicated for me, but what you want to achieve is definitely interesting though. I will read through it again in more detail.

Celinay

Thanks for your reply ☺️

Gál Péter

Happy to answer any questions! 🚀