[Cialug] Password vaults

Matt Stanton matt at itwannabe.com
Mon May 22 05:31:11 UTC 2017 

I'm not sure exactly what you're getting at, here, so I'll try to andwer with some features I think may be close.

The Mooltipass is only operable when you unlock the smart card.  This is acheived with the four-digit pin.  Each pin digit is a hexidecimal digit (0-9, A-F), giving you 65,536 possible unique pins (I think that's right, anyway).  The card is destroyed if too many missed tries are exceeded (I think it's four).

It will stay unlocked so long as it has power if you wish it to.  Otherwise you can set it to timeout after any customizable amount of time, after which you must unlock the card again.  If you unplug the Mooltipass or remove the card, once you plug it back in or reinsert the card you have to unlock the card again.  That means you could have multiple Mooltipasses and one card, or you can even have one Mooltipass with multiple cards (you could have one card that only unlocks passwords needed for work and another for personal, or even a separate card specifically for financial websites to keep your bank accounts safe if your "work card" is stolen and unlocked).

Any time you visit a website for which credentials are stored in the Mooltipass, the browser plugin will notify the Mooltipass that you may wish to use the stored credentials.  The Mooltipass will flash its screen, asking if you want to enter a set of credentials.  If there are multiple sets for that website, you can scroll to the set you wish to use and select it.  If there is one set, you can select it, or there is an option to allow a couple of knocks on your desk to authorize credential use.  The knock option has three levels of knock sensitivity you can choose.

Manual entry of login credentials is possible by clicking on the "LOGIN" option in the Mooltipass scroll menu, choosing a credential set by website domain or entry name, and clicking to select.  It will then ask if you wish to enter the username.  If you choose to, it will then type in your username followed by an optional tab or enter keystroke.  Next it will ask if you want to enter the password.  If so, it will type the password followed by an optional enter keystroke.  If you choose 'no' to either username or password that option will not be typed, nor are the optional keystrokes, and in the case of skipping the username it will move on to the password prompt.


So, for example, right now I don't have a timeout set on my Mooltipass Mini, and because my PC provides offline USB charging power my Mooltipass remains unlocked even if I turn my computer off and start it back up the next day.  Since the USB port provided power while the computer was off, I didnt have to unlock the card and I was immediately able to use manual login for the OS login prompt (no PIN required).  Since then I have been pulling the smart card or USB cable when I'm shutting down.  I could, of course just remember to set a reasonable timeout at some point, though... (maybe I'll do that once I hit "Send").  If you WANT that ability, though, it is an option.

Hope that answers your question?
-- Matt (N0BOX)

Sent from my android device.

-----Original Message-----
From: "L. V. Lammert" <lvl at omnitec.net>
To: Central Iowa Linux Users Group <cialug at cialug.org>
Sent: Sun, 21 May 2017 19:25
Subject: Re: [Cialug] Password vaults

On Sun, 21 May 2017, Matt wrote:

> My recommendation is to carry around a Mooltipass (Mini).
>
OK, .. it may work, IF the plugin will recognize the MAC of the current
system and allow some sort of lesser authentication 'renewal'? LP on
Android uses a PIN if the system has not been rebooted since the password
was entertered within a preset timeout (i.e. 8 hours).

Since most of my machines that are used regularly just suspend or
hibernate between use that would be a reasonable option.

	Lee
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list