• thantik@lemmy.world
    1 year ago

    I made a hardware-based password manager that I keep on me with the 3-2-1 rule (one on me, one at home, one in a remote location). It’s barely secure, but the data is not accessible except when I’m updating it. It’s similar to the Mooltipass, but all the passwords are stored on EEPROM.

    Could the EEPROM be hacked by someone and all my passwords probably read in cleartext? Yeah. How many fucking people actually know how to do that though? Virtually none.

    Honestly, I’d love to just simply be able to afford a Mooltipass though. :(

    This is what I based my personal one on: https://www.instructables.com/PasswordPump-Passwords-Manager/

    And I usually generate the passwords with an online tool so that I’m never using the same password twice.

    • Amju Wolf@pawb.social
      1 year ago

      That’s a lot of trouble to go to to have questionable security. Though it’s admittedly really cool.

      I guess this is only great if you have to use potentially compromised computers often, so you are risking leaking at most a single password at a time, but still…

      Unlike a proper password manager this still has issues though; for one, saving in cleartext is just bad, reading EEPROMs is trivial, and (perhaps more importantly) unlike a normal password manager this doesn’t protect you against inputting data on a wrong (phished) domain.
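
The domain check that the last reply says a normal password manager performs, as an added example that is not part of the thread or of any product's code. The names `vault`, `credentialFor` and `report`, the sample URLs and the secrets are constructed for illustration, and matching on the exact origin is a simplifying assumption.

```javascript
// Constructed vault: each credential is bound to the exact origin it was saved for.
const vault = new Map([
  ["https://example.com", { username: "alice", password: "constructed-secret-1" }],
  ["https://bank.example", { username: "alice", password: "constructed-secret-2" }],
]);

// Return the saved credential for the page, or null when the page's origin
// is not exactly one a credential was saved for. A device that only types
// keystrokes has no page URL to compare against, so it cannot run this check.
function credentialFor(pageUrl, store = vault) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparsable URL: never fill
  }
  if (url.protocol !== "https:") return null; // refuse cleartext transport
  // url.origin is scheme + host + port: the host is lowercased, the default
  // port is dropped, and any userinfo before "@" is not part of it.
  return store.get(url.origin) ?? null;
}

// Verdict per URL, so the decision can be inspected or logged.
function report(urls) {
  return urls.map((u) => [u, credentialFor(u) ? "fill" : "refuse"]);
}

// Constructed sample pages: the saved site and several lookalikes.
const samples = [
  "https://example.com/login",           // saved origin
  "https://EXAMPLE.com:443/account",     // same origin after normalization
  "http://example.com/login",            // same host, no TLS
  "https://examp1e.com/login",           // digit swapped for a letter
  "https://example.com.evil.test/login", // saved name used as a subdomain label
  "https://example.com@evil.test/",      // saved name in the userinfo part
  "https://ex\u0430mple.com/login",      // Cyrillic "a" in the host
];

for (const [u, verdict] of report(samples)) {
  console.log(verdict.padEnd(7), u);
}
```

Only the first two sample URLs get a credential; a human reading the address bar has to catch the other five by eye.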