Hands-On: Wireless Login With The New Mooltipass Mini BLE Secure Password Keeper

Remembering passwords is one of those things which one just cannot seem to escape. At the very least, we all need to remember a single password: namely the one for unlocking a password manager. These password managers come in a wide variety of forms and shapes, from software programs to little devices which one carries with them. The Mooltipass Mini BLE falls into the latter category: it is small enough to comfortably fit in a hand or pocket, yet capable of remembering all of your passwords.

Heading into its crowdfunding campaign, the Mooltipass Mini BLE is an evolution of the Mooltipass Mini device, which acts as a USB keyboard by default, entering log-in credentials for you. With the required browser extension installed, this process can also be automated when browsing to a known website. Any new credentials can also be saved automatically this way.

Where the Mooltipass Mini BLE differs from the original is in that it also adds a Bluetooth (BLE) mode, enabling it to be used easily with any BLE-capable device, including laptops and smartphones, without having to dig around for a USB cable and/or OTG adapter.

I have already been using the original Mooltipass Mini for a while, and the Mooltipass team was kind enough to send me a prototype Mooltipass Mini BLE for evaluation and comparison. Let’s take a look.

Continue reading “Hands-On: Wireless Login With The New Mooltipass Mini BLE Secure Password Keeper”

New Mooltipass Begins Development With Call For Collaborators

One of the most interesting aspects of our modern world is the ability to work collaboratively despite the challenges of geography and time zones. Distributed engineering is a trend which we’ve watched pick up steam over the years. One such example is the Mooltipass offline password keeper which was built by a distributed engineering team from all over the world. The project is back, and this time the goal is to add BLE to the mini version of the hardware. The call for collaborators was just posted on the project page so head over and check out how the collaboration works.

The key to the hardware is the use of a smartcard with proven encryption to store your passwords. Mooltipass is a secure interface between this card and a computer via USB. The new version will be a challenge as it introduces BLE for connectivity with smart phones. To help mitigate security risks, a second microcontroller is added to the existing design to act as a gatekeeper between the secure hardware and the BLE connection.

Mathieu Stephan is the driving force behind the Mooltipass project, which was one of the first projects on Hackaday.io and has been wildly successful in crowd funding and on Tindie. Mathieu and five other team members already have a proof of concept for the hardware. However, more collaborators are needed to help see all aspects of the project — hardware, firmware, and software — through to the end. This is a product, and in addition to building something awesome, the goal is to turn a profit.

How do you reconcile work on an Open Source project with a share of the spoils? Their plan is to log hours spent bringing the new Mooltipass to life and share the revenue using a site like colony.io. This is a tool built on the Ethereum blockchain to track contributions to open projects, assigning tokens that equate to value in the project. It’s an interesting approach and we’re excited to see how it takes shape.

You can catch up on the last few years of the Mooltipass adventure my checking out Mathieu’s talk during the 2017 Hackaday Superconference. If this article has you as excited about distributed engineer as we are, you need to check out the crew that’s building this year’s Open Hardware Summit badge!

Mathieu Stephan : The Making Of A Secure Open Source Hardware Password Keeper

Mathieu Stephan is an open source hardware developer, a Tindie seller who always has inventory, a former Hackaday writer, and an awesome all-around guy. One of his biggest projects for the last few years has been the Mooltipass, an offline password keeper built around smart cards and a USB interface. It’s the solution to Post-It notes stuck to your monitor and using the same password for all your accounts around the Internet.

The Mooltipass is an extremely successful product, and last year Mathieu launched the Mooltipass Mini. No, it doesn’t have the sweet illuminated touch-sensitive buttons, but it is a bit cheaper than its big brother and a bit more resistant to physical attacks — something you want in a device that keeps all your passwords secure.

Mathieu didn’t build the Mooltipass alone, though. This is an Open Source project that has developers and testers from around the globe. It may have started off as a Hackaday Post, but now the Mooltipass has grown into a worldwide development team with contributors across the globe. How did Mathieu manage to pull this off? You can check out his talk at the 2017 Hackaday Superconference below.

Continue reading “Mathieu Stephan : The Making Of A Secure Open Source Hardware Password Keeper”

Hackaday Links Column Banner

Hackaday Links: October 16, 2016

You need only look at the weekly user account leak from a popular web service or platform to know there’s a problem with security. Reusing passwords is the dumbest thing you can do right now, and the Mooltipass Mini is the answer to that problem. The Mooltipass originally began as a Developed on Hackaday series, and we log frequent sightings of the Multipass (maxi?) at security cons. The Mini is smaller, has exactly the same capability, and is completely unrepairable. It’s very cool, and if your email password is the same as your banking account passwords, you kind of need this yesterday.

Last weekend was the Open Hardware Summit in Portland. All the talks were worth watching, but editing the talks down into something sensible takes time. In lieu of this, OSHPark has gone through the livestream and timestamped everything

Continue reading “Hackaday Links: October 16, 2016”

The Last Week Of The Mooltipass Approacheth

A year and two days ago, [Mathieu] started out on a quest to develop some hardware with the help of Hackaday readers. This project became known as the Mooltipass, an open source offline password keeper that’s pretty much a password management suite or Post-It notes on a monitor, except not horribly insecure.

The product has gone through multiple iterations of software, [Mathieu] flew out to China to get production started, and the project finally made it to a crowdfunding site. That crowdfunding campaign is almost over with just eight days left and just a little bit left to tip this project into production. This is the last call, all hands in, and if you’re thinking about getting one of these little secure password-storing boxes, this is the time.

You can check out the Developed on Hackaday series going over the entire development of the Mooltipass, made with input from Mooltipass contributors and Hackaday readers. The Venn diagram of those two groups overlaps a lot, making this the first piece of hardware that was developed for and by Hackaday readers.

Even if you have a fool-proof system of remembering all your passwords and login credentials, the Mooltipass is still a very cool-looking Arduino-compatible board. Note that (security device) and (Arduino thing) are two distinct operating modes that should not be conflated.

[Mathieu] and other contributors will be in the comments below, along with a bunch of ‘security researchers’ saying how this device ‘is horrifying’, ‘full of holes’, and ‘a terrible idea’. One of these sets of people have actually done research. Guess which?

Hackaday Links Column Banner

Hackaday Links: November 23, 2014

The 2015 Midwest RepRap Festival, a.k.a. the MRRF (pronounced murf) was just announced a few hours ago. It will be held in beautiful Goshen, Indiana. Yes, that’s in the middle of nowhere and you’ll learn to dodge Amish buggies when driving around Goshen, but surprisingly there were 1000 people when we attended last year. We’ll be there again.

A few activists in St. Petersburg flushed GPS trackers down the toilet. These trackers were equipped with radios that would send out their position, and surprise, surprise, they ended up in the ocean.

[Stacy] has been tinkering around with Unity2D and decided to make a DDR-style game. She needed a DDR mat, and force sensitive resistors are expensive. What did she end up using? Velostat, conductive thread, and alligator clips.

You know the Espruino, the little microcontroller board that’s basically JavaScript on a USB stick? Yeah, that’s cool. Now you can do remote access through a telnet server letting you write and debug code over the net.

The Open Source RC is a beautiful RC transmitter with buttons and switches everywhere, a real display, and force feedback sticks. It was a Hackaday Prize entry, and has had a few crowdfunding campaigns. Now its hit Indiegogo again.

Speaking of crowdfunding campaigns, The Mooltipass, the designed-on-Hackaday offline password keeper, only has a little less than two weeks until its crowdfunding campaign ends. [Mathieu] and the rest of the team are about two-thirds there, with a little more than half of the campaign already over.

Developed On Hackaday: $50k Reached In A Week!

Around 500 awesome people backed the Mooltipass offline password keeper crowdfunding campaign, raising a total of $50k in less than a week… which is nearly half our goal.

The development team and I would therefore like to thank our readers for their support. We were featured by several electronics websites, which definitely helped spreading the world of open source security devices. Many interesting discussions spawned in either our comments section or official Google Group. One new contributor even started looking into implementing TOTP on the Mooltipass.

Another hot topic was a possible smaller and more powerful Mooltipass v2, implementing other functionalities like U2F and encrypted file storage. You may therefore wonder why we didn’t start with it… the reason is simple: limited resources. Our project is made by (great) non-remunerated contributors who took a lot of their spare time to work on the Mooltipass v1. We therefore preferred working on something we’d be sure we could deliver rather than wasting $4M by making promises. We therefore hope that our crowdfunding campaign might allow an even bigger collaboration around a Mooltipass v2!