A little less than a year ago, Hackaday featured the start of a worldwide collaboration around an open source offline password keeper, the Mooltipass. The device enumerates as a keyboard and uses a PIN-locked smartcard to read an AES-256 key required to decrypt its credentials database. All password-accessing operations need to be approved on its physical user interface to prevent impersonation.
As its beta testing phase is over, the Mooltipass crowdfunding campaign is now live and has already achieved 44% of its $100k goal in less than four days.
(Score: 0) by Anonymous Coward on Monday November 10 2014, @06:54AM
Why not have secure passwords for everything? With password management apps and this kind of thing there's no reason not to.
(Score: 4, Insightful) by stormwyrm on Monday November 10 2014, @07:40AM
This. You never know what kind of creative stuff miscreants can do using the credentials even for innocuous-looking sites. A hacked account here can be used to post spam, at the very least. Sites also tend to evolve and you never know in what ways they can become interdependent if they aren't so already. Back in 2006 I might have considered Facebook a throw-away site whose security was unimportant. Not so today, given how it's being used: the consequences of an account breach like that would be very high. If you use a password manager then why the hell not use strong passwords for everything? You don't need to remember the strong password yourself anyway, so cognitively it costs you more to use a weak password on some sites you consider throw-away: what happens if you forget the "weak" password? The whole point of using a password manager is so that you need only remember one password.
Numquam ponenda est pluralitas sine necessitate.