Description
Nowadays there are too many platforms on the Internet, and each one requires an account and password.
There are too many to keep track of,
so it is necessary to make software that records the accounts and passwords.
Function:
- The software requires a password to log in (2FA can be used as a second unlock step)
- The information stored in the software is mainly the platform name, platform address, account name, password, email, and mobile phone number. Passwords need to be stored encrypted
- There is a search function that quickly matches a platform or account
- Password generation function (help generate passwords)
- Data can be stored locally or synchronized to the network disk (Baidu, Alibaba, GitHub)
- It will lock if it is not operated for 5 minutes
- Clear the contents of the pasteboard regularly, with an adjustable clearing interval
- Encrypt local files.
For this type of software:
- It's better to store data locally (no need to interact with a server)
- It is best to be open source (so everyone can review it)
- Charge for synchronizing user information
Existing software
Bitwarden
Open source website: https://github.com/bitwarden
Awesome; completely open source from front-end to back-end.
Proton Pass
Official website: https://proton.me/pass
Partially open source:
KeePass
1Password
Paid. A description can be found at: https://yishi.io/1password-complete-tutorial/
Description of the web page process
Step 1: Generate a private key
You are asked to save it
A PDF will be generated for you
Next
Main page
Create a new vault
That's it here
Vault page
Create a new login account
Project:
Passwords can also be imported
I choose Chrome
Select Chrome
After you export the password file, upload it
Reset the label
It will lock if it is not operated for 10 minutes
### Security mechanisms
1Password isn't open source, but it follows a public specification ([white paper on the security model](https://1password.com/files/1Password-White-Paper.pdf)) that any developer can black-box test.
David Schuetz explores how 1Password works in great detail in his blog post (https://darthnull.org/security/2018/11/09/1pass-misc/), and here's the core of his summary:
The so-called 2SKD (two-secret key derivation) mechanism means that 1Password uses both your master password and your secret key to encrypt your information, as well as to verify your identity when communicating with the server. **The master password is not stored by 1Password; it exists only briefly in the machine's memory while the application is running.**
**The secret key (i.e., the Account key in the diagram) is generated locally, and only locally, and is not uploaded to the server.**
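A simplified sketch of the two-secret key derivation described above, added here as an illustration; it is not code from the original page or from 1Password. The function names, the `purpose` labels, the iteration count, the password normalization and the XOR combination step are assumptions chosen for this example.

```python
import hashlib
import hmac
import secrets
import unicodedata


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_2skd(master_password: str, secret_key: bytes, salt: bytes,
                account_id: str, purpose: bytes, iterations: int = 100_000) -> bytes:
    """Combine a memorized password and a device-held secret key into one 32-byte key."""
    # Assumption: normalize so the same password typed on different platforms matches.
    pw = unicodedata.normalize("NFKD", master_password.strip()).encode("utf-8")
    # Slow half: PBKDF2 over the master password, salted per account and per purpose.
    pw_salt = hkdf_sha256(salt, account_id.encode(), purpose)
    pw_half = hashlib.pbkdf2_hmac("sha256", pw, pw_salt, iterations)
    # High-entropy half: HKDF over the secret key, which never leaves the client.
    sk_half = hkdf_sha256(secret_key, account_id.encode(), purpose)
    # XOR the halves: the result cannot be computed unless both secrets are known.
    return bytes(a ^ b for a, b in zip(pw_half, sk_half))


def derive_account_keys(master_password, secret_key, enc_salt, auth_salt, account_id):
    """Return (vault encryption key, authentication secret) from the same two secrets."""
    enc_key = derive_2skd(master_password, secret_key, enc_salt, account_id, b"encrypt")
    auth_secret = derive_2skd(master_password, secret_key, auth_salt, account_id, b"auth")
    return enc_key, auth_secret


if __name__ == "__main__":
    # Constructed sample values; a real secret key is generated once on the client.
    sk = secrets.token_bytes(16)
    enc, auth = derive_account_keys("correct horse", sk, b"salt-enc", b"salt-auth", "A3-EXAMPLE")
    print(enc.hex(), auth.hex())
```

Because the secret-key half is high-entropy and stays on the client, data held by the server is not enough on its own to test guesses of the master password.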
Client-side flows
landing
flowerpassword
https://flowerpassword.com/: only helps generate passwords