Show HN: ID Guard Offline – A Password Manager with great security design (opens in new tab)

(bluespace.tech)

10 pointsoledeveloper4y ago3 comments

3 comments

The site makes some very bold claims ("The Safest Password Manager"), but most of it seems pretty standard fare for password managers. Also am I reading it right that backups and unencrypted and it is left up to the user how to handle them? Or if they are encrypted how do I unlock them on a new phone if I don't have access to the old one (if it was lost/destroyed)?

oledeveloperOP4y ago

The data stored in the app is encrypted with a key generated by the security chip on your phone. You need to back up your data with AES-256 encryption and then save it in your U disk or other safe place that you trust, so that you can restore the data to your new phone whenever you need.

As for its security design, here are some examples:

1. The data stored in the app is protected by the security chip, the same chip used by smartphone wallet to protect payment cards. Even if the encrypted data is stolen by means of app clone or phone backup, or the set master password is leaked, your passwords will not be disclosed. Check this out https://www.bluespace.tech/blog/evolution-of-password-manage...

2. The app doesn't have Internet permission, so your data can never be uploaded to the cloud secretly. Your data is totally under your control. This is also verifiable https://www.bluespace.tech/blog/offline/

3. Its autofill can help you detect phishing attack to prevent malicious app from stealing your passwords. It can identify overlay attacks, show what to be filled, etc. Take this video for example https://www.bluespace.tech/blog/advanced-phishing-detection/

4. The design of its desktop browser extension is really nice. The extension accesses the Internet but doesn't store data, and the app stores data but doesn't access the Internet. The two attack surfaces of storage and network are separate. It means browser vulnerabilities can't affect the security of other passwords stored in the app. Check this out https://www.bluespace.tech/blog/extension-security-design/

Thanks.

Diti4y ago

“Show HN” means OP is the maker of that project, am I right? In that case, isn’t it extremely suspicious that OP claims “great security design” in the title?

j / k navigate · click thread line to collapse