Mooltipass Mini - Your Passwords On The Go!
<html> <p>(Update: <a href=„https://www.kickstarter.com/projects/limpkin/mooltipass-mini-your-passwords-on-the-go/description#h:stretch-goals“ target=„_blank“>Stretch Goals can be found here</a> and on the „Updates“ tab)</p> <div class=„template asset“ contenteditable=„false“ data-id=„13823647“> <figure><img alt=„“ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/013/823/647/7420b3f808f680c77c2eb9d4c5f959c7_original.JPG?w=680&fit=max&v=1474491532&auto=format&q=92&s=0c6d32f51fea4a5e3714b824347b828d“/></figure></div> <p>Our online lives are always expanding and along with new territory come new usernames and passwords… leading us to experience <strong><a href=„http://www.bbc.com/news/technology-37573795“ target=„_blank“>security fatigue</a></strong>. The Mooltipass Mini is designed to help you keep all of your passwords secure, while still leaving them easy for you to access no matter where you need them. Whether you're looking to improve your existing password management methods, or just starting to explore how to manage them all, the Mini has something for you!  </p> <p>The Mini connects to <strong>any USB-capable device</strong> (phone, tablet, computer, etc). To use it, all you need to do is insert your personal smartcard, unlock it with your PIN, and start using your device. You'll be able to log in anywhere with a quick tap on the desk or a few tweaks of the scroll wheel!</p> <p>Here's a quick overview of its features:</p> <ul><li><strong>One Mini can be shared by multiple users</strong>, identified by their personal cards</li> <li><strong>One smartcard works on multiple Mooltipass Minis</strong>: have a backup Mini!</li> <li>The Mooltipass Mini isn't vulnerable to standard password manager attacks</li> <li>Mooltipass Mini cards can safely be cloned without compromising security</li> <li>User credentials can safely be exported: backups are encrypted!</li> <li>Your credentials are safely encrypted inside the Mooltipass Mini</li> <li><strong>Only remember one card PIN to access all your credentials</strong></li> <li>Tamper evident case made of Anodized Aluminum</li> <li>Secure firmware updates</li> </ul> <div class=„template asset“ contenteditable=„false“ data-id=„13937866“> <figure><img alt=„“ class=„fit js-lazy-image“ src=„https://ksr-ugc.imgix.net/assets/013/937/866/2871a3985dc7626a79788b750443d0c0_original.gif?w=680&fit=max&v=1475286749&auto=format&gif-q=50&q=92&s=87202c3ea02787ac1aef0d11eda4c422“/></figure></div> <p>Excellent question! If you browse the Internet regularly, you have no doubt amassed a healthy assortment of accounts for various sites and services you use daily, monthly, or even once in a blue moon.</p> <p>Do you have no problem remembering all of your <em>unique and different passwords</em> for those services without using something to help you remember them, not to mention each site's differing password requirements? OK, then maybe the Mini isn't something you need… but wouldn't it be awesome if there was a device that could remember all of your passwords for you? The Mini can help with that!</p> <p><strong>Do You Use Something Else to Store Your Passwords?</strong> </p> <div class=„template asset“ contenteditable=„false“ data-id=„13813269“> <figure><img alt=„“ class=„fit js-lazy-image“ src=„https://ksr-ugc.imgix.net/assets/013/813/269/eb3dc5366f3a56c20ff725d2877a0926_original.gif?w=680&fit=max&v=1474421873&auto=format&gif-q=50&q=92&s=11bd368de043f80a936bda4982129fe9“/></figure></div> <p>Many people use software tools to store and organize their passwords. That's a great first step, but consider what happens if a piece of particularly nasty malware compromises your computer. It can steal your password database, and the next time you use it to log in to a website, it can also steal your master password. We're not kidding, in fact, <a href=„http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/“ target=„_blank“>something similar happened to a well-known password vault</a>. Since we decouple the decryption key from your computer, it becomes much harder for a malicious program to make off with all of your account information.</p> <p><strong>Do You Use the Same Password (or a Set of Similar Passwords) in Multiple Places?</strong> </p> <div class=„template asset“ contenteditable=„false“ data-id=„13813276“> <figure><img alt=„“ class=„fit js-lazy-image“ src=„https://ksr-ugc.imgix.net/assets/013/813/276/82928063a2d5a4f8169b4051ebf81e72_original.gif?w=680&fit=max&v=1474421907&auto=format&gif-q=50&q=92&s=edc5c50f84dfdbfc7692a2518b786001“/></figure></div> <p>Well, you've certainly solved the problem of remembering your passwords… but have you considered what happens if one of those services is compromised and your password is stolen?  An attacker now knows the email address you used to register for the service - and if it has the same password, chances are he can now access a lot of information about you… for example:</p> <ul><li>E-bill reminders</li> <li>Bank information</li> <li>Accounts for online merchants</li> <li>And all the other services you use…</li> </ul><p>Hopefully you haven't used the same password for any of those services… but don't forget many services will email you a password reset link. With all of this information at their fingertips, a malicious person can easily take control of your online life!</p> <p><strong>OK, So You Used a Different Password for Your Email Address… But What About the Password Reset Questions?</strong></p> <p>Many people's accounts are compromised because they did nothing more than choose security questions to which the answers are easily guessed or can be found elsewhere online. Your high school, or mother's maiden name? Perhaps those can be found on your Facebook account or LinkedIn profile… You can even have the Mini remember some obscure answers to security questions for you!</p> <p><strong>As You Can See, the Strength of Your Security is Only as Strong as the Weakest Part. </strong></p> <p>As cliché as the information is, the only way to ensure your accounts stay secure are to use unique and complex passwords for each one - and thus we come full circle to the first paragraph of this section. That's why we created the Mooltipass and Mooltipass Mini - to make it easy to start (or continue) good security practices for all of your online accounts. It can even help you out by generating long, complex, random passwords anytime you create a new account somewhere or wish to change an existing password.</p>
<div class=„template asset“ contenteditable=„false“ data-id=„13914277“> <figure><img alt=„“ class=„fit js-lazy-image“ src=„https://ksr-ugc.imgix.net/assets/013/914/277/45c0459d603eff7c1b07cc108a5026fb_original.gif?w=680&fit=max&v=1475142041&auto=format&gif-q=50&q=92&s=8b988c9ec8abd2e33c796ec2c978b7cc“/></figure></div> <p>Not hard at all - we created cross platform browser plugins to add all kinds of features, like automatic detection of login forms, adding/creating/updating credentials, and even adding them to a favorites list on the device for quick access. Just plug it in, unlock it with your smartcard, and start using your computer. You can even <strong>knock on the table to approve credentials requests !</strong> </p> <p>Our Chrome extension and App have been used for nearly 2 years now, and we are currently testing our newly developed extension for Firefox.</p> <div class=„template asset“ contenteditable=„false“ data-id=„13898003“> <figure><img alt=„“ class=„fit js-lazy-image“ src=„https://ksr-ugc.imgix.net/assets/013/898/003/2d212ffd9e3d88717c2e9351ffa08ce8_original.gif?w=680&fit=max&v=1475033596&auto=format&gif-q=50&q=92&s=4ef00b3d88d91b18630ce131cb2df730“/></figure></div> <p>You can also use the Mooltipass Mini on any computer, tablet, smartphone, or any other device that can support a USB keyboard. Then you can just unlock your Mini and select which credentials you'd like to send to the device - no drivers required, and it doesn't matter whether it's Windows, Mac OS, Linux, Android, etc…</p> <p>We've had extensive discussions on the user interface with our beta testers, and the end result is something everyone has found easy to use.</p>
<div class=„template asset“ contenteditable=„false“ data-id=„13813295“> <figure><img alt=„“ class=„fit js-lazy-image“ src=„https://ksr-ugc.imgix.net/assets/013/813/295/2526939db4688acd02d64a350cc62e83_original.gif?w=680&fit=max&v=1474422006&auto=format&gif-q=50&q=92&s=42cfbd8bc57ed137ca6eb84183724047“/></figure></div>
<p>The Mooltipass mini has the same security as its larger brother - namely:</p> <ul><li><strong>A Smartcard</strong> to securely store the AES-256 encryption key for your protected information. This disconnects the encryption key from your secured data, meaning that even if your computer is compromised, the encryption key cannot be accessed by any malicious software on the machine.</li> <li><strong>PIN-based Authentication</strong> - 4 wrong PIN entries and the card will self-destruct, putting a significant damper on the viability of brute-force attacks. Don't worry, it's easy to securely duplicate your access card, on the off chance something happens to the original!</li> <li><strong>Tamper Detection</strong> - To ensure you know nobody has tinkered with your Mooltipass Mini, the aluminium cases are sealed with high-strength adhesive. <a href=„https://fry.blueblue.fr/mpm/teardown/“ target=„_blank“>One of our beta testers tried to open a Mini</a> without causing damage… suffice it to say it was pretty obvious someone had attempted to tamper with the device by the time they managed to access the (quite charred) circuit board. </li> <li><strong>Fully Encrypted Backups</strong> - You can rest assured knowing that the backup files are encrypted using the same key stored on your smartcard. Even if someone compromises your computer (or cloud storage account) and obtains the exported data, they will not be able to decrypt your passwords. </li> <li><strong>Secure Firmware Updates</strong> - The Mooltipass Mini includes a way to safely update the firmware running on it using digital signatures. This will allow us to add new features to your device in the future!</li> </ul> <p>The Mooltipass Mini was designed with our users in mind. Many of them commented that the larger version wasn't quite as portable as we'd originally thought. Based on their feedback, we shrank it down to only 79 x 37 x 12 mm. We also halved the size of the smartcards in order to keep the unit small and unobtrusive when in use.</p> <div class=„template asset“ contenteditable=„false“ data-id=„13823940“> <figure><img alt=„“ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/013/823/940/0e937b05fe935166a453312ff7586729_original.JPG?w=680&fit=max&v=1474492767&auto=format&q=92&s=34baf6b035dfd13c274bbb6bc9628ab1“/></figure></div> <p>As economical as plastic enclosures can be, our team felt they just weren't right for the Mini. After some experimentation and a test batch of aluminium enclosures, all of our beta testers fell in love with the metal design. Not only does it look awesome, but it's also far more scratch-resistant than a plastic enclosure - and that's a pretty big plus for something you would carry around a lot.</p> <div class=„template asset“ contenteditable=„false“ data-id=„13822974“> <figure><img alt=„“ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/013/822/974/c4e1f7f36f034084c19b2a8e569294b7_original.JPG?w=680&fit=max&v=1474487676&auto=format&q=92&s=eb8f417e32401ed65f941b55706dc71e“/></figure></div> <p>To maximize portability and utility, there are a few additional features we'd like to share:</p> <p><strong>Scroll Wheel</strong></p> <p>Touch interfaces tend to need a lot of space to work well. Instead, the mini sports a compact, clickable scroll wheel as its main navigation mechanism.</p> <p><strong>Ambidextrous Use</strong></p> <p>Since the Mini fits so easily in one hand, it can be configured to work with the scroll wheel either on the right, or on the left, whichever you find most comfortable.</p> <p><strong>Accelerometer</strong></p> <p>Don't want to hold it in your hand? No problem, you can use it hands-free! If it is unlocked and you visit a website with stored credentials, you can simply tap on your desk to confirm that you wish to log in.</p>
<div class=„template asset“ contenteditable=„false“ data-id=„13915029“> <figure><img alt=„“ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/013/915/029/6e8273b0a4b7df930fc06542b0650797_original.jpg?w=680&fit=max&v=1475148117&auto=format&q=92&s=a55c735f1edc5859d48352718b1b8c11“/></figure></div> <ul><li><strong>Device Size</strong>: 79 x 37 x 12mm </li> <li><strong>Working Voltage</strong>: 4.75V to 5.25V </li> <li><strong>Current</strong> <strong>Consumption</strong>: 0.5A maximum </li> <li><strong>Connector</strong>: micro-USB 2.0 (full speed) </li> <li><strong>Internal</strong> <strong>Memory</strong>: 4Mb </li> <li><strong>Smart Card Support</strong>: AT88SC102 </li> <li><strong>True Random Number Generation </strong></li> <li><strong>Interface Type</strong>: clickable scroll wheel </li> <li><strong>Case Material</strong>: Brushed Anodized Aluminum </li> <li><strong>Display</strong>: 128×32 pixels monochrome 2.23„ blue OLED screen</li> </ul> <div class=„template asset“ contenteditable=„false“ data-id=„14008287“> <figure><img alt=“„ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/014/008/287/d49302f63acc811872d34479caf551dd_original.JPG?w=680&fit=max&v=1475774784&auto=format&q=92&s=6f11f7b6fdd8dad375c17a986d79026e“/></figure></div> <p>Mass producing a new product is not inexpensive. We've already done much of the pre-production work, but the final production run is where the Kickstarter campaign comes in.</p> <p>We need your help to fund the fabrication of a large batch of devices, so that we can get them into the hands of anyone that wants one.</p> <p>Some of the work we've already done includes:</p> <ul><li>Prototypes and beta-testing (in fact, we went through three iterations of the Mini hardware!) </li> <li>Coordinating with a trustworthy manufacturer to fabricate and assemble the devices </li> <li>Setting up for production of the laser-engraved aluminium cases </li> <li>Finding a printer and making a test batch of smartcards </li> <li>Finding suppliers and distributors for our components</li> <li>A nice box to protect and show off the unit </li> </ul><p>As you can see, we are well on our way, but we still need your help to make it over the final hurdle. We hope we can count on your support, if you still have questions after browsing the information on this page, please don't hesitate to contact us! We'll be glad to clear up any confusion or answer questions that aren't detailed here.</p>
<div class=„template asset“ contenteditable=„false“ data-id=„14149902“> <figure><img alt=“„ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/014/149/902/77e80c6da0e87f62503244d801e1c78c_original.png?w=680&fit=max&v=1476742333&auto=format&lossless=true&s=47671a13698caca51df808d05a32f058“/></figure></div> <p>If we hit Fr. 70,000, you will be able to choose from one of these four colors for your Mooltipass Minis: black, dark grey, light grey, or gold. What's more, this finish will be anodized, so you don't need to worry about it scratching, chipping, or peeling like a painted surface.    </p> <div class=„template asset“ contenteditable=„false“ data-id=„14246490“> <figure><img alt=“„ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/014/246/490/bdd3688af0972ac65d9bf7e512002ede_original.png?w=680&fit=max&v=1477349508&auto=format&lossless=true&s=23f6e9d7ae8b9daaef6744457d7cf6e2“/></figure></div> <p> if we reach Fr. 100,000, we'll make it hold TWICE as many passwords (that is, over 3000), by upgrading the flash chip from 4Mbit to 8Mbit… That's a lot of passwords!</p> <p>We're also looking at whether it's possible to implement small file storage on the mini. Unfortunately we can't make any guarantees on when we'll get this bit done, since it requires some work and coordination in a few different areas… but we'll do our best. A little extra bonus feature as our thanks, if you will.</p> <p>Why? Well, some secrets aren't passwords… things like encryption keys, tokens, or any other small bit of info that is important enough to protect, but doesn't fit within the standard Mooltipass password storage.</p> <div class=„template asset“ contenteditable=„false“ data-id=„14268598“> <figure><img alt=“„ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/014/268/598/dede02fb6ad443d9438bdfb30347a349_original.png?w=680&fit=max&v=1477482027&auto=format&lossless=true&s=effb8600d5b27590ded42884db38a835“/></figure></div> <p>If we make this goal, we'll give you an additional three anodized color choices for your mini: blue, green, and magenta. That brings the total choices up to seven!</p> <p>Why the strange number? Well, it's not far from the second stretch goal, and this isn't a major change on top of already offering color choices, just a little extra in the way of logistics for us. </p> <div class=„template asset“ contenteditable=„false“ data-id=„14396048“> <figure><img alt=“„ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/014/396/048/7c7e914eb9c13b91fb3bb0385cbff65c_original.png?w=680&fit=max&v=1478300513&auto=format&lossless=true&s=88d2ed2a6ee7bf2964cd84dba5d178cf“/></figure></div> <p>The Mini's design doesn't allow for adding a lanyard hole without significant design changes, but we've found what we believe to be the next-best thing - a lanyard that attaches to the micro-USB port. Fortunately, the Mini is small and light enough that this is a viable option - so we're thrilled to announce it as our fourth stretch goal at Fr. 145,000. We're already well on our way there, which is fantastic!</p> <p>(Yes, the keen-eyed will notice the image above is a mock-up. Samples of the real thing are on their way from a supplier and we'll give you a genuine photo of the result when we've got them in our hands… but we didn't want to wait for those to arrive to announce the stretch goal!)</p> <div class=„template asset“ contenteditable=„false“ data-id=„13780169“> <figure><img alt=“„ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/013/780/169/74383758a63e0345c0a8a1bd4982eb9f_original.jpg?w=680&fit=max&v=1474206214&auto=format&q=92&s=3d9beb4d91ded52a924c93323c6e02b1“/></figure></div> <p>Our team believes that great security can only be achieved through complete transparency. That's why we have been publishing everything that goes into making the Mooltipass on <a href=„https://github.com/limpkin/mooltipass“ target=„_blank“>our GitHub repository</a> from the project's start.</p> <p>Just like Linux-based operating systems, open source allows our product to benefit from many engineers' expertise. This results in better code quality, more trust from our final users and verified security implementation.</p> <p>We publish everything we do to provide you with the best possible security device.</p>
<div class=„template asset“ contenteditable=„false“ data-id=„13944156“> <figure><img alt=“„ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/013/944/156/d865d061d1e7eb0da0f9193ce7985edf_original.png?w=680&fit=max&v=1475345578&auto=format&lossless=true&s=10e147ee78b307fd372758c441ff1c67“/></figure></div> <p>The core Mooltipass team is located in Switzerland, but we have many volunteers and contributors from all around the world. The Mooltipass is truly a global effort, and we're incredibly proud of what we've accomplished with our team of contributors and their wide variety of skill-sets and backgrounds.</p>
<p>We often think that the devices and websites we use are exempt of security flaws. You may see <strong>if one of your accounts is part of the 1.5 billion that have already been compromised</strong> by visiting <strong><a href=„https://haveibeenpwned.com/“ target=„_blank“>this website</a></strong>. We also compiled a brief list of major security breaches and vulnerabilities found during the last few months: </p> <ul><li>09/2016: <a href=„https://it.slashdot.org/story/16/09/22/095255/yahoo-confirms-massive-data-breach-500-million-users-impacted-updated“ target=„_blank“>Yahoo Confirms Massive Data Breach, 500 Million Users Impacted</a> </li> <li>09/2016: <a href=„https://yro.slashdot.org/story/16/09/24/0548206/97-of-the-top-companies-have-leaked-credentials-online“ target=„_blank“>97% of the Top Companies Have Leaked Credentials Online</a> </li> <li>09/2016: <a href=„https://it.slashdot.org/story/16/09/26/1942208/as-we-speak-teen-social-site-is-leaking-millions-of-plaintext-passwords“ target=„_blank“>As We Speak, Teen Social Site Is Leaking Millions Of Plaintext Passwords</a> </li> <li>06/2016: <a href=„http://www.independent.co.uk/life-style/gadgets-and-tech/news/ios-933-iphone-users-urged-to-update-after-apple-fixes-huge-password-vulnerability-a7149851.html“ target=„_blank“>attackers can gain full remote access to an iPhone by sending a simple iMesssage</a></li> <li>06/2016: <a href=„http://www.theregister.co.uk/2016/06/01/teamviewer_mass_breach_report/“ target=„_blank“>Teamviewer hacked, users' Paypal account drained</a></li> <li>06/2016: <a href=„https://yro.slashdot.org/story/16/06/16/2035205/github-presses-big-red-password-reset-button-after-third-party-breach“ target=„_blank“>GitHub Presses Big Red Password Reset Button After Third-Party Breach</a></li> <li>05/2016: <a href=„https://it.slashdot.org/story/16/05/27/1845202/hackers-claim-to-have-427-million-myspace-passwords“ target=„_blank“>Hackers Claim to Have 427 Million Myspace Passwords</a></li> <li>05/2016: <a href=„https://it.slashdot.org/story/16/05/30/1227252/hackers-stole-65-million-passwords-from-tumblr“ target=„_blank“>Hackers Stole 65 Million Passwords From Tumblr</a></li> <li>06/2016: <a href=„https://techcrunch.com/2016/06/08/twitter-hack/“ target=„_blank“>Passwords for 32M Twitter accounts may have been hacked and leaked</a></li> <li>06/2016: <a href=„https://bits-please.blogspot.fr/2016/06/extracting-qualcomms-keymaster-keys.html“ target=„_blank“>Android Full Disk Encryption Can Be Broken</a></li> <li>07/2016: <a href=„https://labs.bitdefender.com/2016/07/new-mac-backdoor-nukes-os-x-systems/“ target=„_blank“>New Backdoor Allows Full Access to Mac Systems</a></li> <li>08/2016: <a href=„http://arstechnica.com/security/2016/08/qualcomm-chip-flaws-expose-900-million-android-devices/“ target=„_blank“>Qualcomm security flaw allows a malicious app to gain root access</a></li> <li>06/2016: <a href=„https://it.slashdot.org/story/16/08/13/0325204/new-cache-attack-can-monitor-keystrokes-on-android-phones“ target=„_blank“>New Cache Attack Can Monitor Keystrokes On Android Phones</a></li> <li>03/2016: <a href=„https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/“ target=„_blank“>MitM Attack against KeePass 2’s Update Check</a></li> <li>07/2016: <a href=„https://it.slashdot.org/story/16/07/08/2011205/apple-devices-held-for-ransom-rumors-claim-40m-icloud-accounts-hacked-apple-related-forums-compromised“ target=„_blank“>Rumors Claim 40M iCloud Accounts Hacked; Apple-Related Forums Compromised</a></li> <li>06/2016: <a href=„http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/“ target=„_blank“>Lastpass: remote 'complete account compromise' possible</a></li> <li>08/2016: <a href=„http://mashable.com/2016/08/26/iphone-malware-platform-secure“ target=„_blank“>iPhone malware that steals your data is a reminder no platform is ever safe</a></li> </ul> <div class=„template asset“ contenteditable=„false“ data-id=„13943404“> <figure><img alt=“„ class=„fit“ src=„https://ksr-ugc.imgix.net/assets/013/943/404/708fb7e78967b0c3417fcc6d234b4f1d_original.png?w=680&fit=max&v=1475339697&auto=format&lossless=true&s=93bb64abb04265796218fa5dfec7880e“/></figure></div> </html>
Falls nicht anders bezeichnet, ist der Inhalt dieses Wikis unter der folgenden Lizenz veröffentlicht: CC Attribution-Noncommercial-Share Alike 4.0 International