Updated: Apr 22, 2019

USB Credentials Manager

PasswordPump v1.0

This is v1.0 of the PasswordPump, a USB device that manages credentials for up to 254 accounts. Credentials (account names, usernames and passwords) are stored ONLY on the device itself, on two removable EEprom chips using military grade encryption (AES-128). They are not stored in the cloud or in a file on your computer where they are more exposed to hackers. Credentials are backed up on the device itself; i.e. encrypted credentials are moved from the primary EEprom chip to the backup EEprom on demand. You may remove the EEprom chips from the device (perhaps to keep a third or fourth backup). Credentials are entered either via the rotary encoder (on the left) or via keyboard and serial terminal. The device itself is approximately 1 1/8 x 2 3/4 inches, or 29 x 71 millimeters. Currently it's not housed inside of a case, but it should be and will be once design of the case is complete. A preliminary case design is available here (bottom) and here (top). Once my 3D printer arrives and I assemble it I'll be perfecting the case design.


  • Store up to 254 sets of credentials on a single 25LC256 EEprom chip.

  • Credentials are stored in alphabetical order for easy location.

  • Up to 10 failed attempts to enter the master password are allowed, then an automatic chip wipe and factory reset occurs.

  • All credentials are encrypted with AES128, the master password is hashed with SHA256.

  • All encrypted accounts and the hashed master password are salted.

  • The device is not vulnerable to standard password attacks.

  • Backups on external EEprom are encrypted.

  • All credentials can be dumped into a text file for an additional backup (e.g. to a thumb drive that's stored in a safe or safe deposit box, and encrypted).

  • Entry of credentials is supported via keyboard and serial terminal or rotary encoder.

  • Only one master password, up to 14 characters long, is required to access all of your credentials.

  • Automatic logout after 1 hour of inactivity.

  • Optional password generation, 31 characters of random letters, symbols and numbers, for extremely strong passwords.

  • Configure the display of passwords on the device to be on or off.


This video is a demonstration of the PasswordPump.

Bill of Materials & Parts Cost


Description Cost Quantity

- Arduino Pro Micro $2.87 1

- RGB LED 0.02 1

- Resistors 4.7k ~0.03 2

- Resistors 220 ~0.04 3

- Custom PCB 1.10 1

- Rotary Encoder 0.42 1

- Knob 0.15 1

- OLED 128x32 1.64 1

- Momentary push button 0.01 1

- 25LC256 External EEprom 1.89 2

*Total Cost of Parts: $8.17

*not including the USB cable

Buying a PasswordPump Kit

Via you will be able to procure a PasswordPump; either a disassembled kit or a fully assembled kit, at some point in the future if there's some demand. I'm not getting rich off of this project, I'm covering my costs, I don't expect to sell more than a handful of these to people who are excited about having one. It takes time, money and effort to procure parts, put together kits and especially to solder complete units, to accept orders and payment, and to ship them. I'm completely up front about what the parts cost me and what I'm asking, and you're free to acquire the parts and the custom PCB board yourself and assemble it yourself; there are no secrets, everything you need is here. I'm also up front with the fact that there are defects and issues with the PasswordPump that are annoying (read this entire blog before you buy a unit, including the Known Defects section at the end) and I'm hopeful that folks will help me to make the PasswordPump better over time.

Please Read! Issue with the MicroUSB Connection

I've learned that the micro USB connection on the Arduino Pro Micro board is extremely fragile. I've learned that if I keep plugging and unplugging the cable on the micro USB side of the connection into / from the Arduino Pro Micro board, it eventually breaks. This is a bummer because if it happens you'll need to move your EEprom chips to a new PasswordPump. If you're sourcing and building your own device, get enough material for a few PasswordPumps. To help with this issue you should leave the USB cable plugged in to the PasswordPump at all times, and instead plug / unplug the other end with the computer, and leave the cable mated to the PasswordPump so that you don't wear out and break the micro USB connector. Even with this strategy it's possible to torque the connector and hose your PasswordPump, so be careful! The official Arduino Pro Micro is made by Sparkfun, and retails for $19.95. I'm using knockoff boards for the device, they retail at about $2.87. I did purchase an official Pro Micro, and there is no visible difference between the micro USB connectors on the official unit and the knockoffs, but perhaps if you go with the original official board your results will be better.

Existing Projects/Products

I think the commercial product that most closely matches with the feature set of the PasswordPump is the Mooltipass Mini Offline Password Keeper; $79.00 before shipping costs at the time of this writing. Mooltipass is different in some significant ways and seems like a nice, mature, open source product that is also built on the ATMega32u4. It was not the inspiration for this project, however. The inspiration for this project was the Automated Password Typer, a project on Credentials are hard coded into the Automated Password Typer, however, and there's no way to add new, remove old, or edit existing credentials (aside from modifying the source code, recompiling and re-flashing); and lock bits are not set to protect the credentials. I set out to expand on the idea presented in that project and, 2,000 lines of code later, landed here with the PasswordPump.

Menu Hierarchy

Master Password

Find Account

[scroll through accounts list]

Send User & Pass

Send Password <RET>

Send Username

Send Password

Send Account

Edit Credentials

Account Name

Edit Username

Edit Password

Indicate Style


Delete Account [confirm]

Add Account

Account Name

Edit Username

Edit Password

Indicate Style



Keyboard ON/OFF

Show Passwrd ON/OFF

Backup EEprom [confirm]

Backup to File

Restore Backup [confirm]

Reset [confirm]

You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a half second (long click).


To turn the device on you simply plug it into a USB port/receptacle using a micro USB Micro-B plug to USB-A plug cable, the same cable that you'd use to charge an Android phone. The first time you plug it in a driver might need to be installed. The driver is available for download in the source code repository referenced below in the Source Code section. If I shipped the device to you it arrives already flashed with the program and the lock bits are set. See the data sheet, section 28.1, for more information about setting the lock bits. Since this is an open source project it doesn't really matter anyhow. Setting the lock bits serves to better protect the hashed master password and the source code.

The first time you power the device on you'll see :

Master Password

March 11 2019 (or the date of the most recent compile)

At this point you'll want to enter your master password. Try to select a master password that you'll be happy with, because if you want to change it you have to Reset the device, and that wipes out all of your credentials. There is only one way to get the credentials back into the device after that, by keying them in via keyboard or rotary encoder. Also try to select a password that can be more quickly entered into the device. It should be a combination of upper and lower case, with numbers and maybe a symbol or two. I like to pick a password that can be typed almost entirely with my left hand, I find they are easier to input via the rotary encoder. You should select a strong password; a combination of letters, upper and lower case, numbers, and special characters, between 7 and 14 characters long. To enter a character turn the rotary encoder until the character appears and then press the rotary encoder down (short click) to select the character. There's presently no way to back up if you make a mistake so be careful (or enhance the code yourself, if you can squeeze it in!). Once the entire master password has been entered long click the device (click down the rotary encoder for more than 1/2 a second). You've just entered the master password and now you're ready to enter a set of credentials.

You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a half second (long click).

Adding Credentials

To add a set of credentials via the keyboard you need to open a serial terminal. The one that works best for me is the Arduino serial terminal. So if you open the Arduino IDE go to Tools->Ports and select the Arduino/Genuino Micro port. Then select Tools->Serial Monitor (or Ctl+Shift+M). Next, on your PasswordPump navigate down to Keyboard OFF and change it to Keyboard ON with a short click. Navigate back up to Add Account and short click. You'll see:

Account Name

Add Account

Short click, then switch back to the Arduino Serial Terminal and enter the account name, followed by the return key. Then long click on the Password Pump. You should now see:

Edit Username

[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the username, followed by the return key. Then long click on the Password Pump. You should now see:

Edit Password

[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the password, followed by the return key. Then long click on the Password Pump. You should now see:

Indicate Style

[the account name you entered]

Short click again and use the rotary encoder to specify either 0 or 1. Specify 0 if, while supplying username and password, the Password Pump should send a carriage return after sending the username and before sending the password. Specify 1 if, while supplying username and password, the Password Pump should send a tab after sending the username and before sending the password. Then long click on the Password Pump. You should now see:

Account Name

[the account name you entered]

Long click again and you'll see:

Find Account

[the account name you entered]

You've finished entering the credentials.

Note that you can also enter credentials using just the rotary encoder. Keyboard can be ON or OFF, it doesn't matter. Simply enter the credentials using the rotary encoder in a fashion similar to how you entered the master password.

Sending Credentials

Navigate to Find Account and short click. Use the rotary encoder to scroll through the list of credentials you've entered. When you've found the account name associated with the credentials you want to send to your computer, place the input focus in the username text box in the window prompting you for credentials on your computer. On the Password Pump you should see:

Send User & Pass

[the account name you selected]

Short click to send the username, a carriage return or a tab character (depending on the style setting), and then the password. If you selected the correct style you should now be logged in to your account / application.

If you only want to send the password to the computer, followed by a carriage return, scroll down once using the rotary encoder until you see:

Send Password <RET>

[the account name you entered]

And short click to send the password and the carriage return character.

Similarly you can send just the username or just the account name.

Editing Credentials

To edit a set of existing credentials first decide if you're going to edit the credentials via the keyboard or just the rotary encoder. If you're going to edit the credentials via the keyboard follow the instructions in Toggling Keyboard Entry. Then use Find Account to navigate to the account you want to edit and short click. Then scroll down to Edit Creds and short click. Then scroll to the attribute you want to edit; Account Name, Edit Username, Edit Password, or Indicate Style. Now short click. Use the keyboard to re-enter the attribute in the fashion described in Adding Credentials, or just use the rotary encoder to re-enter the attribute. Then long click to save the change. If you are generating a new password for the account then follow the instructions in Generating a Password.

Deleting Credentials

Make sure you have a current EEprom backup. Navigate to Find Account and short click. Use the rotary encoder to select the account that you want to delete, and short click. Using the rotary encoder scroll down to Delete Acct and short click. Confirm your desire to delete the account by selecting Y with the rotary encoder and short clicking. The account is gone now and it's wiped from the primary EEprom chip. It isn't wiped from the backup EEprom yet, so if you accidentally delete an account, and you have a recent backup, you can restore the backup and the account will reappear. Navigate to Find Account and verify that your account is deleted. If you're not able to scroll through all of your accounts, a intermittently occurring defect has occurred and the linked list that manages the display of all of the accounts is corrupted. Restore the latest backup from EEprom. If you backup the EEprom immediately after deleting the account it is also wiped from the secondary EEprom.

Generating a Password

Read through all of these instructions before attempting to change your password to a new generated password. The most powerful feature of the PasswordPump is it's ability to generate random 31 character passwords and remember them. These passwords are extremely difficult to guess and are not as vulnerable to brute force attempts to break into an account. Before performing this operation you should be sure that you have a current backup of all your credentials. To generate a password for an account simply find the account via Find Account and select the credentials by short clicking on the account name. In your application on your computer navigate to the change password feature and place input focus in the Old Password text box. On the PasswordPump navigate to Send Password (NOT Send Password <RET>) and short click. In your application on your computer place input focus in the new password text box by hitting the <TAB> key. In the PasswordPump scroll down to Edit Creds and short click, then scroll down to Gen Password and short click. This changes the password to a randomly generated series of 31 characters. Now long click once, navigate to Send Password (NOT Send Password <RET>) and short click. If you need to confirm the new password then place input focus on that text box in the application on your computer and short click again. Confirm your password change by hitting the return key or otherwise clicking on the appropriate button. You now have a random 31 character password on the account, and the only place where that password exists is on the encrypted EEprom chip on your PasswordPump. At this point it's a good idea to Backup to EEprom and Backup to a File, and to be sure that you can somehow recover from a lost password on that account. Warning: If the attempt to change your password fails because the old password is not accepted be aware that you have just overwritten the old password with your new generated password. To restore the old password you'll need to either Restore a Backup from EEprom and try again, or go to the encrypted backup file on your thumb drive to get the current password for the account, or recover the password from the account using whatever mechanism is available to you via the application or web site. Think ahead and be careful so that you don't lock yourself out of your account!

Logging Out

When you want to log out of the device navigate to Logout using the rotary encoder and short click. The RGB led changes from green to blue. You're now logged out and must enter the master password again in order to use the device. If you're walking away from your computer to get coffee it's good practice to lock your computer and logout of the PasswordPump.

Toggling Keyboard Entry

Navigate to Keyboard ON/OFF. Short click to toggle the setting. When the keyboard is on you may enter credentials via the keyboard using the process described in Adding Credentials. Keep the keyboard set to OFF when you're not entering credentials. This setting is not saved when the device powers off and the default is Keyboard OFF.

Showing/Hiding Passwords

Using the rotary encoder navigate to Show Psswrd ON/OFF. Short click to toggle the setting. This setting is saved when you log out and power down the device.

Backing Up to EEprom

On the Password Pump navigate to Backup EEprom using the rotary encoder. Short click, then confirm that you want to backup from the primary EEprom to the secondary EEprom by selecting Y with the rotary encoder and short clicking. The RGB will be yellow while the backup is taking place, and then change back to green.

Back Up to a File

On the PasswordPump navigate to Backup to File using the rotary encoder. On your computer open a text editor (one without an autocomplete feature), notepad.exe works best, and place input focus inside the text editor. Personally I use UltraEdit because it has built in encryption. Then short click on Backup to File. The contents of the primary EEprom chip (all of the credentials stored in the PasswordPump) are dumped into the text editor. The RGB led turns purple, then to green when the operation is complete. It's best to encrypt this file by zipping it up with a password using WinZip or similar, and storing it on a thumb drive that you can, in turn, store in a safe or safe deposit box. Delete the original file from your computer and empty the trash. Keep this file up to date by periodically executing this operation. I carry the encrypted file with me on a thumb drive that is securely attached to my key ring, and I keep a backup of that file elsewhere.

Restore a Backup from EEprom

If you decide that you want to restore the EEprom backup (or, in other words, have the contents of the secondary, backup EEprom overwrite the contents of the primary EEprom), then navigate to Restore Backup on the PasswordPump. Short click and confirm the operation by selecting Y with the rotary encoder and short clicking. The RGB led will turn yellow until the operation is complete, then it changes back to green.

Performing a Factory Reset

You want to wipe out all of the encrypted credentials on the primary EEprom and factory reset the device. On the PasswordPump navigate all the way down to Reset using the rotary encoder. Short click. Confirm that you want to factory reset the device and clear all of the credentials and the master password by selecting Y with the rotary encoder and short clicking. The RGB will flash blue and red slow and then fast while the device is factory resetting, then change to blue. At this point you can enter a new master password. Note that a Factory Reset doesn't wipe out the credentials stored on the backup EEprom. If you use the same master password you'll be able to restore the backup and see the credentials. If you want to wipe out the backup EEprom as well, select Backup EEprom after you've entered your new master password, or swap the position of the primary and backup EEprom chips and perform another factory reset.

Using the GUI to Enter Credentials

As of April 21, 2019 there's a python 2.7 program that you can run that will help you to enter credentials from your PC. Instructions for use are in the Instructions section of the UI. The file can be downloaded from the source code repository, This file needs to be used in combination with PasswordPump_20.ino.

PasswordPump User Interface

Flashing the Program

I'm using an external programmer to burn the program onto the device. i.e. from the Arduino IDE I"m selecting Sketch-->Upload Using Programmer to send the program to the Atmel ATMega32u4/Arduino Pro Micro. I'm doing this in part because it overwrites the boot loader, and I want to overwrite the boot loader because by doing so I have more space on the device for the program. I don't think the program will fit onto the Pro Micro if the boot loader is present, but I haven't tested this. I also don't think the device will work correctly with the boot loader present for other reasons. Therefore, I use the Pololu USB AVR Programmer for this. I still have to power the device via the USB cable while programming with the external programmer. If you build the device by sourcing the parts on your own or if you build with the kit, be sure to refrain from snipping the header pins after you have soldered the Arduino Pro Micro to the USB board if you want to be able to load the firmware. If you snip the header pins flush with the PCB board there won't be a way to re-program the device; you need to connect VDD, GND, RST, MOSI, MISO, and SCK to the Arduino Pro Micro from your external programmer to flash the program. Instructions for doing this are found here. Rest assured that my initial setting of the lock bits will not prevent you from re-flashing the program. If you want to reset the lock bits after re-flashing the program you can do so. For me the easiest way to do that was to use Atmel Studio and my USB AVRISP XPII. But you don't really need to set the lock bits because the source code is now available to everyone, anyhow. The master password, stored in internal EEprom, is hashed with SHA-256.

Source Code

The source code is found here. It's heavily documented in-line, so I'm not going to go through it line by line here.

I'm certain that there are defects remaining in the program (in fact, all of the defects that I"m aware of are listed in the comments section at the top of the program, along with a list of the defects that I've addressed). Therefore use the product at you own risk. IMPORTANT: I recommend keeping your secondary EEprom up to date by backing up changes made to the primary EEprom when you add, remove or edit credentials. Then use a third EEprom so that you have two backups of your credentials. On top of that, periodically dump the credentials out to a file that you store in an encrypted file on a thumb drive, and secure the thumb drive in a safe or a safe deposit box. Finally, keep your accounts up to date so that if you need to reset a forgotten password you can do so. This product has not been professionally tested for quality purposes and it's possible that you'll lose your credentials. You have been provided with the source code so that you may correct any defects you find. That said, I've been using the device without incident for a couple of months now, and I am storing all of my credentials on it, with many of them using the generated password feature, so if I lose the device and my backups I'll need to reset my accounts, because there is absolutely no way for me to know what the passwords are at this point. I am also maintaining backups as per my recommendations above.

IMPORTANT DISCLOSURE: Using a supplied encryption library I've endeavored to encrypt all of the credentials that get stored on the external 25LC256 EEprom with AES128 (and hashed the master password, which is stored on internal EEprom with SHA256). I have salted the hashed master password and each set of credentials. This project is the first time I've ever used encryption, and there's been no formal code review, so I could have done it wrong, and the standard disclaimer (buyer beware) applies in this case. I have examined the content of the external EEprom chips (after storing many sets of credentials) using a PC and a CH340 24/25 series EEprom flash BIOS USB programmer and all of the usernames, account names and passwords appear encrypted. However, I am painfully aware that encryption is something that is very easy to do incorrectly, therefore proceed with caution. If you are skilled in this area I would appreciate a code review and some constructive feedback (please contact me directly).

The sketch presently uses 97% of program storage area and 66% of dynamic memory. This makes it extremely difficult to add new features to the product without exchanging them for existing features. There are several new features that I'd like to add but I can't because of the memory restriction. For example, after 1 hour of total inactivity the device times out and you're logged out of it. I would like to make that time period configurable (e.g. you could set it to 2 hours if you like), but I simply don't have the room to add that feature. I think one hour is probably a good compromise, and while at work with the device at my side I periodically turn the rotary encoder a click or two in any direction to push the automatic logout up an hour.


The following libraries need to be installed in your Arduino IDE if you're going to compile the source code:

- - AES and SHA library, MIT License.

- - Used for the button on the

rotary encoder, Copyright (c) 2017 LennartHennigs , MIT License.

- - Used for the rotary encoder, GNU GPL Version 3.

- - Used to send characters to

the keyboard as if typed by the user, GNU Lesser General Public License.

- - Used for internal EEprom

- - for SSD1306 display device, Bill Greiman <>.


Make sure all of the required libraries are installed. Set the board to "Arduino Leonardo". Remember that you'll be uploading via an external programmer, so set that value in Programmer:. I use the Pololu USB AVR Programmer. Connect the MISO, MOSI, RESET, GROUND, VCC, and SCK pins accordingly. Select the port associated with the external programmer before selecting Sketch-->Upload Using Programmer.

Fritzing Diagram

Initially I built the project on a breadboard using the layout above. See the Hardware Connections section for details about the connections.



This is the PCB I designed for the PasswordPump. The design files are available with the source code if you're interested in ordering your own. This is the first project I've ever designed with a PCB board, so feedback from the experienced is welcome. I would like to make the device smaller, so any advice toward that end is appreciated.

RGB Colors and Meanings

Green Logged in

Blue Not logged in

Red Failed login attempt

Error backing up or initializing EEprom

Purple Sending creds

Yellow Backing up to EEprom

Fast Flash Red / Blue Initializing external EEprom

Slow flash Red / Blue Initializing internal EEprom

Hardware Connections

- 1 Arduino Pro Micro (w/ ATMega32u4 microcontroller)

- Data Sheet:

Number Name Arduino AVR Connect To / Notes

1 TX D1 PD3

2 RX D0 PD2



5 SDA D2 PD1 SSD1306 SDA, 4.7k pullup

6 SCL D3 PD0 SSD1306 SCL, 4.7k pullup

7 A6 D4 PD4

8 D5 PC6

9 A7 D6 PD7 pin 1 backup chip select for 25LC256

10 D7 PE6 rotary button

11 A8 D8 PB4 rotary pin 2