PasswordPump v2.0!

Updated: Dec 15, 2020

As promised, this is v2.0 of the PasswordPump, a USB device that manages credentials for up to 250 accounts. Credentials (account names, usernames, passwords, an old password, and categories) are stored ONLY on the device itself, on two removable EEprom chips using military grade encryption (AES-256). They are not stored in the cloud or in a file on your computer where they are more exposed to hackers. Credentials are backed up on the device itself; i.e. encrypted credentials are moved from the primary EEprom chip to the backup EEprom on demand. You may remove the EEprom chips from the device (perhaps to keep a third or fourth backup). Credentials are entered either via the rotary encoder (on the left) or via keyboard, via a serial terminal, or, ideally, via a Python based program (PasswordPumpGUI) expressly written for that purpose. The device itself is approximately 1 1/8 x 2 3/4 inches, or 27 x 75 millimetres. Currently it's not housed inside of a case, but it should be and will be once design of the case is complete. A preliminary case design is available here.

You may continue to read more about the PasswordPump v2.0 here, however the most up-to-date source of information about the device resides here.


Custom PCB

The custom PCB for this project was manufactured by my sponsor PCBWay. They did a great job working with me to insure that the PCB was manufactured correctly and to my specifications. Prices are reasonable, turnaround time is excellent, and the customer service is exceptional.


PasswordPump Features

  • Stores up to 250 sets of credentials.

  • Authenticates with a 15 character master password.

  • Search for accounts.

  • Data entry via rotary encoder or keyboard and serial monitor, or via client Python GUI running in Windows, Ubuntu, or MacOS.

  • Sends a username and password to a computer as if typed in via the keyboard. Can also send URL, old password and account name.

  • Add account name, username, password (generated or not), URL, old password

  • Accounts are added in alphabetical order.

  • Delete an account.

  • Edit existing username, password, URL, style (inter-username/password character, <Return> or <Tab>), old password, credential groups.

  • Generate 31 character random passwords from the PasswordPump or via the client GUI.

  • Automatically saves the old password if it’s not already populated when you generate a password.

  • Backup all accounts to a second encrypted external EEprom.

  • Logout / de-authenticate via the menu, automatically locks the computer.

  • Configurable password display on or off.

  • Configurable failed login count factory reset (3, 5, 10 or 25).

  • Configurable automatic logout after count of minutes (30, 60, 90, 120, 240, 1 or Never).

  • Configurable RGB LED intensity (high, medium, low or off).

  • All account names, usernames, passwords and URLs are encrypted w/ AES-256.

  • Master password is hashed w/ SHA-256.

  • All encrypted credentials fields and the hashed master password are salted.

  • The device is not vulnerable to standard password attacks. See disclaimers.

  • The master password can be changed.

  • Export to PasswordPump formatted CSV file.

  • Import from PasswordPump formatted CSV file.

  • Import credentials from Chrome export.

  • Import credentials from KeePass export.

  • Associate credentials with custom groups for better organization; search by group (defaults are Favorites, Work, Personal, Home, School, Financial, Mail or Health).

  • Decoy password feature that automatically factory resets the device if entered (e.g. while the user is under duress).

  • Pre-auto-logout indicator/countdown via red and blue flashing RGB LED.

  • Factory reset via menu (when authenticated) wipes out all credentials.


How PasswordPump v2 Differs from PasswordPump v1

There are many important difference between the two versions of the PasswordPump. Version 2.0 is built with the ItsyBitsy M4, a 32 bit SAMD51 Cortex®-M4F MCU, which runs at 120MHz, has 512KB flash, 192KB RAM, and 2MB QSP flash (unused). It has 17 digital pins and 8 analog pins and runs at 3.3v. This difference in RAM has allowed me to add many features with version 2.0. I was totally out of RAM on the ATMega 32u4 that version 1.o was built with. New features include the following:

  • A better Python 3 based GUI for editing credentials

  • Storage of URLs (96 characters) and an old password (32 characters) for each set of credentials

  • Seven credential groups that allow you to organize your sets of credentials into custom defined categories, and one additional category for Favorites

  • Generation of 31 character random passwords

  • AES-256 encryption of credentials

  • Locks the computer when you logout of the PasswordPump

  • Configurable failed login count factory reset (3, 5, 10 or 25)

  • Configurable automatic logout after count of minutes (30, 60, 90, 120, 240, 1 or Never)

  • Configurable RGB LED intensity (high, medium, low or off)

  • The master password can be changed.

  • Export to PasswordPump formatted CSV file.

  • Import from PasswordPump formatted CSV file.

  • Import credentials from Chrome export.

  • Import credentials from KeePass export.

  • Search by Group.

  • Pre-auto-logout indicator/countdown via red and blue flashing RGB LED.

  • Several different international keyboards are supported (re-compilation may be necessary)

  • From the python GUI (PasswordPumpGUI) the user can check to see if a password has been discovered in any data breaches.

  • From the python GUI password complexity is checked (but not enforced).


Video Demonstration


Burning Firmware From the BOSSA GUI

You can download BOSSA from here: or here and install it on your MS Windows or Apple Mac OS X computer in the usual fashion. Obtain the latest version of the PasswordPump (2.0.6) bin file for M0 here, or for M4 here, and download it to C:\Temp\PasswordPump_v_2_0.ino.bin. Double click on the reset button on the PasswordPump so that the RGB LED slowly dims and brightens in blue before burning the firmware. After starting up the BOSSA user interface, to burn the firmware, use all of the defaults except specify a flash offset of 0x2000 for the ItsyBitsy M0 or 0x4000 for the ItsyBitsy M4. Be extremely careful with the offset, if you get it wrong you will brick the microcontroller. Specify the file location based on the directory to which you downloaded the .bin file (e.g. C:\Temp\PasswordPump_v_2_0.ino.bin). Select the correct port. Click on the Refresh button in the BOSSA GUI to refresh the list of ports if you don’t see the correct port listed. You might also use the Device Manager to confirm that you have the correct port selected. After selecting the correct port you’ll see ATSAMD21x18 next to Device: in the bottom right of the BOSSA GUI if you have plugged in an M0, in which case you will want to specify an offset of 0x2000 (this is most common). If you see ATSAMD51x19 then you have an M4 and will want to specify an offset of 0x4000 (this is rare). Click Write to write the firmware to the device, then click Verify to verify that it was written correctly. Finally click the reset button on the PasswordPump once to start using it.

At this time it’s also important to download the latest version of the PasswordPumpGUI, the Python user interface.

If you live inside the USA and you would like me to flash the latest version of the PasswordPump onto the device, you may ship your PasswordPump to me. Before shipping it be certain to remove both of the 25LC512 EEprom chips from the unit because that's where your (encrypted) credentials are stored. I don't need the EEprom chips to flash the device. Also please use a lot of bubble wrap when you ship it because in the past they have been damaged during shipping. Get in touch with me via email and I'll send you my shipping address. If you inadvertently brick your PasswordPump I can also fix it for you. There are instructions in the User's Manual for un-bricking the PasswordPump, but it's complicated and requires special equipment.


Bill of Materials & Variable Costs

1 AdaFruit ItsyBitsy (32-bit ARM®, SAMD51 Cortex®-M4F MCU)* $14.95 (M0 is $11.95)

2 MICROCHIP - 25LC512-I/P - 512K SPI™ Bus Serial EEPROM DIP8 3.30

1 SSD1306 I2C LED display 128x32 pixels. 1.65

1 micro USB to USB cable 100cm 1.23

1 Custom PCB 1.00

1 Rotary Encoder 0.46

1 plastic knob for rotary encoder 0.58

2 IC DIP Sockets, 8 pins each 0.10

1 RGB LED diffused 5mm 0.03

3 220ohm resistors 0.01

2 4.7kohm resistors 0.01

Shipping Envelope 0.26

Solder ~0.10


Total Parts $23.58


Shipping to UK from USA $14.50

Shipping to any location inside the USA $10.00

+ Labor for assembly

Assembly time, including kitting and burning firmware, 45 minutes.

*Retail price from Adafruit


Read this Before Purchasing

If, after reading through this blog you decide that you want a PasswordPump v2.0 of your own, you have three options. You can build your own device from scratch using the PCB design files I've published up on GitHub, along with the source code. You can visit and buy a kit from me that includes the custom PCB and solder it up yourself. Finally, you can also purchase a fully assembled PasswordPump from me on Tindie. Before you purchase a PasswordPump (a kit or fully assembled) it’s best to make sure that you can set up and successfully run the PasswordPumpGUI, that’s the Python based user interface that can be used to edit the credentials stored on the PasswordPump device. Go to the Setting Up PasswordPump GUI section of this blog or the Users' Manual, follow the instructions, and confirm that you can run the user interface before you spend money on a PasswordPump. Naturally you won’t be able to connect to the PasswordPump device over USB, but you’ll at least know that you can run the user interface. It is possible to exercise all features of the PasswordPump (with the exception of importing and exporting files) without the use of the PasswordPumpGUI, however life is much easier with the GUI working. Entering large numbers of credentials via the rotary encoder of via the serial terminal is tedious and error prone at best.

I have been using the PasswordPump for over a year now. It saves me a lot of time and aggravation and I feel way more secure about how I’m managing my many accounts; especially my financial accounts. I have 140 accounts loaded on mine and almost every account in the device has a random 31 character password that I don’t even know. Some folks say that if you know what all your passwords are, you’re doing it wrong. The only passwords that I do know are the passwords to my Windows active directory account at work (just in case), the master password for the PasswordPump, and the password for the encrypted thumb drive on which I store my PasswordPump backups and other files and documents that are important to me. Oh, and I know my ATM PIN.

I used to use the same password almost everywhere, or some variation of it. This is an extremely common and dangerous practice, because if hackers compromise the credentials for one of your accounts, you can bet that they will try to login to hundreds of other services using the same credentials. This is called password replay or credential stuffing. Next to phishing this is the most common method by which account security is compromised. I also keep the secondary EEprom device on the PasswordPump backed up, occasionally backup to a third EEprom device, and I religiously backup all of my credentials to a PasswordPump csv file, which I encrypt, and, in turn, store on an encrypted flash drive which, in turn, I store in a safe. This practice is important, because if the PasswordPump fails you don’t want to lose access to your accounts! I have worked hard to eliminate defects from the device but it’s not perfect yet and it probably never will be. There are always defects in software, and the defects I’m aware of and working on are enumerated here. But it’s likely there are more among the 7,800+ lines of code I’ve written for the project. Finally, I want you to be happy with the PasswordPump; so if you’re not, let me know, see my contact information at the bottom of this blog post.

Warning About the Micro USB Connection

I've learned that the micro USB connection on the ItsyBitsy M4 board is somewhat fragile. I've learned that if I keep plugging and unplugging the cable on the micro USB side of the connection into / from the ItsyBitsy M4 or M0 board, it eventually breaks. This is a bummer because if it happens you'll need to move your EEprom chips to a new PasswordPump. If you're sourcing and building your own device, you might consider getting enough material for a couple of PasswordPumps. To help with this issue you should leave the USB cable plugged in to the PasswordPump at all times, and instead plug / unplug the other end with the computer, and leave the cable mated to the PasswordPump so that you don't wear out and break the micro USB connector. Even with this strategy it's possible to torque the connector and hose your PasswordPump, so be careful! I am now recommending against the use of the magnetic USB cables, I have observed some weird behavior on Windows, Ubuntu and Raspbien when using them, specifically, the “Unable to recognize USB device” error.


Existing Projects/Products

Is there something on the market already that you can buy that accomplishes the same objective as the PasswordPump? I think the commercial product that most closely matches with the feature set of the PasswordPump is the Mooltipass Mini Offline Password Keeper; $79.00 before shipping costs at the time of this writing. Mooltipass is different in some significant ways and seems like a nice, mature, open source product that is built on the ATMega32u4. It was not the inspiration for this project, however. The inspiration for this project was the Automated Password Typer, a project on Credentials are hard coded into the Automated Password Typer, however, and there's no way to add new, remove old, or edit existing credentials (aside from modifying the source code, recompiling and re-flashing). I set out one weekend to expand on the idea presented in that project, and, 8,000 lines of code later, landed here with the PasswordPump v2.0.


Menu Navigation on the PasswordPump

You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a half second (long click).

Master Password (only accessed during login)

Find Favorite

[same as under Find All Accounts]

Find All Accounts

[scroll through accounts list]

Send Password <RET>

Send User & Pass

Send URL

Send User Name

Send Pass (no <RET>)

Send Account

Edit Credentials

Edit Account Name

Edit User Name

Edit Password

Edit URL

Indicate Style

Assign Groups










Save to Old Password

Delete Credentials [confirm]

Send Old Password

Find By Group


[same as under Find All Accounts]


[same as under Find All Accounts]


[same as under Find All Accounts]


[same as under Find All Accounts]


[same as under Find All Accounts]


[same as under Find All Accounts]


[same as under Find All Accounts]


[same as under Find All Accounts]

Add Account

Account Name

Edit User Name

Edit Password

Indicate Style


Logout & Lock


Backup EEprom [confirm]

Restore EEprm Backup [confirm]


Show Password ON/OFF

Decoy Password ON/OFF

RGB LED Intensity





Timeout Minutes








Login Attempts





Rename Groups

Edit Group 1

Edit Group 2

Edit Group 3

Edit Group 4

Edit Group 5

Edit Group 6

Edit Group 7

Change Master Psswrd

Keyboard Language









United Kingdom

United States

Encoder Type
















Keyboard ON/OFF

Gened Password Size






Fix Corruption

Factory Reset [confirm]


Operation of the PasswordPump via Rotary Encoder

To turn the device on you simply plug it into a USB port/receptacle using a USB Micro-B plug to USB-A plug cable, the same cable that you'd use to charge an Android phone. The first time you plug it in a driver might need to be installed. The driver is available for download in the source code repository here: If the device was shipped to you, assembled or as a kit, it arrives already flashed with the PasswordPump program.

The first time you power the device on you'll see something like:

PasswordPump v2.0.4

July 24 2020

(c)2020 Dan Murphy

At this point you'll want to enter your master password. Try to select a password that can be more quickly entered into the device. It should be a combination of upper and lower case, with numbers and maybe a symbol or two. I like to pick a password that can be typed almost entirely with my left hand, I find they are easier to input via the rotary encoder. You should select a strong password; a combination of letters, upper and lower case, numbers, and special characters, between 7 and 15 characters long. To enter a character turn the rotary encoder until the character appears and then press the rotary encoder button (short click) to select the character. There's presently no way to back up if you make a mistake so be careful. Once the entire master password has been entered long click the device (click down the rotary encoder for more than 1/2 of a second). You've just entered the master password and now you're ready to enter a set of credentials. Don’t forget your master password, it’s the only way to recover your encrypted credentials short of cracking SHA-256 or AES-256.

You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a 1/2 of a second (long click).

Note: The following instructions describe the easiest way to enter credentials if you don’t have access to the PasswordPumpGUI or if it’s not working correctly. The easiest way to enter credentials is via the PasswordPumpGUI, and it’s fairly self-explanatory, so use that method if possible.

Adding Credentials via Keyboard

You can add credentials via the PasswordPump by entering them directly with the rotary encoder or by using a keyboard in combination with a serial terminal. To add a set of credentials via the keyboard you need to open a serial terminal. The one that works best for me is the Arduino serial terminal. So if you open the Arduino IDE go to Tools->Ports and select the Adafruit ItsyBitsy M4 (SAMD51) port. Then select Tools->Serial Monitor (or Ctrl+Shift+M). Next, on your PasswordPump navigate down to Keyboard OFF and change it to Keyboard ON with a short click. Navigate back up to Add Account and short click. You'll see:

Edit Credentials

Edit Account Name

Short click, and you will see

Account Name

Edit Account

Switch back to the Arduino Serial Terminal and enter the account name, followed by the return key. Then long click on the Password Pump. You should now see:

Edit User Name

[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the username, followed by the return key. Then long click on the Password Pump. You should now see:

Edit Password

[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the password, followed by the return key. Then long click on the Password Pump. You should now see:

Indicate Style

[the account name you entered]

Short click again and use the rotary encoder or the keyboard and serial terminal to specify either 0 or 1. Specify 0 if, while supplying username and password, the Password Pump should send a carriage return after sending the username and before sending the password. Specify 1 if, while supplying username and password, the Password Pump should send a tab after sending the username and before sending the password. Then long click on the PasswordPump. You should now see:

Account Name

[the account name you entered]

Long click again and you'll see:

Find Account

[the account name you entered]

You've finished entering the credentials.

Note that you can also enter credentials using just the rotary encoder. Keyboard can be ON or OFF, it doesn't matter. Simply enter the credentials using the rotary encoder in a fashion similar to how you entered the master password.

Sending Credentials

Navigate to Find All Accounts and short click. Use the rotary encoder to scroll through the list of credentials you've entered. When you've found the account name associated with the credentials you want to send to your computer, place the input focus in the username text box in the window prompting you for credentials on your computer. On the Password Pump you should see:

Send Password <RET>

[the account name you selected]

Scroll down one menu item with the rotary encoder and you’ll see:

Send User & Password

[the account name you selected]

Short click to send the user name, a carriage return or a tab character (depending on the style setting), and then the password. If you selected the correct style you should now be logged in to your account / application.

If you only want to send the password to the computer, followed by a carriage return, scroll back up once using the rotary encoder until you see:

Send Password <RET>

[the account name you entered]

And short click to send the password and the carriage return character.

Similarly you can send just the user name or just the account name or url.

Editing Credentials

To edit a set of existing credentials first decide if you're going to edit the credentials via the keyboard or just the rotary encoder. If you're going to edit the credentials via the keyboard follow the instructions in Toggling Keyboard Entry. Then use Find All Accounts to navigate to the account you want to edit and short click. Then scroll down to Edit Credentials and short click. Then scroll to the attribute you want to edit; Edit Account Name, Edit User Name, Edit Password, Edit URL, or Indicate Style. Now short click. Use the keyboard to re-enter the attribute in the fashion described in Adding Credentials, or just use the rotary encoder to re-enter the attribute. Then long click to save the change. If you are generating a new password for the account then follow the instructions in Generating a Password.

Deleting Credentials

Make sure you have a current EEprom backed up. Navigate to Find All Accounts and short click. Use the rotary encoder to select the account that you want to delete, and short click. Using the rotary encoder scroll down to Delete Credentials and short click. Confirm your desire to delete the account by selecting Y with the rotary encoder and short clicking. The account is gone now and it's wiped from the primary EEprom chip. It isn't wiped from the backup EEprom yet, so if you accidentally delete an account, and you have a recent backup, you can restore the backup and the account will reappear. Navigate to Find All Accounts and verify that your account is deleted. If you're not able to scroll through all of your accounts, an intermittently occurring defect has occurred and the linked list that manages the display of all of the accounts is corrupted. Restore the latest backup from EEprom. If you backup the EEprom immediately after deleting the account it is also wiped from the secondary EEprom.

Generating a Password

Read through all of these instructions before attempting to change your password to a new generated password. The most powerful feature of the PasswordPump is its ability to generate random 31 character passwords and remember them. These passwords are extremely difficult to guess and are not as vulnerable to brute force attempts to break into an account. Before performing this operation you should be sure that you have a current backup of all your credentials. When you generate the new password, the existing/old password will be moved to the Old Password attribute if it is empty. If Old Password is not empty it will not be overwritten. So you will probably want to blank out Old Password before generating the new password. To generate a password for an account simply find the account via Find All Accounts and select the credentials by short clicking on the account name. In your application on your computer navigate to the change password feature and place input focus in the Old Password text box. On the PasswordPump navigate to Send Password (NOT Send Password <RET>) and short click. In your application on your computer, place input focus in the new password text box (typically by hitting the <TAB> key). In the PasswordPump scroll down to Edit Credentials and short click, then scroll down to Generate Password and short click. This changes the password to a randomly generated series of 31 characters. Now long click once, navigate to Send Password (NOT Send Password <RET>) and short click. If you need to confirm the new password then place input focus on that text box in the application on your computer and short click again. Confirm your password change by hitting the return key or otherwise clicking on the appropriate button. You now have a random 31 character password on the account, and the only place where that password exists is on the encrypted EEprom chip on your PasswordPump. At this point it's a good idea to Backup to EEprom and Backup to a File, and to be sure that you can somehow recover from a lost password on that account. Warning: If the attempt to change your password fails because the existing/old password is not accepted be aware that you have just overwritten the old password with your new generated password. To access the old password you'll need to either use the Old Password attribute (assuming it was blank before you generated the new password), Restore a Backup from EEprom and try again, or go to the encrypted backup file on your thumb drive to get the current password for the account, or recover the password from the account using whatever mechanism is available to you via the application or web site. Think ahead and be careful so that you don't lock yourself out of your account!

Logging Out and Locking Your Computer

When you want to log out of the device navigate to Logout & Lock using the rotary encoder and short click. The RGB led changes from green to blue. You're now logged out of the PasswordPump and must enter the master password again in order to use the device. In addition to locking the PasswordPump, this also locks your computer so that you’ll need to re-authenticate to gain access to your computer. If you want to log out of the PasswordPump without locking the computer simply press the reset button on the bottom of the PasswordPump.

Toggling Keyboard Entry

Navigate to Settings, single click, and navigate to Keyboard. Short click to toggle the setting. When the keyboard is on you may enter credentials via the keyboard and serial terminal using the process described in Adding Credentials. Keep the keyboard set to OFF when you're not entering credentials via a serial terminal and the keyboard. This setting is saved when the PasswordPump is powered off.

Showing/Hiding Passwords

Using the rotary encoder navigate to Settings, single click, then navigate to Show Password. Short click to toggle the setting. This setting is saved when you log out and power down the device. This setting determines if passwords are shown or hidden on the PasswordPump. The setting for the PasswordPumpGUI is independent.

Decoy Password

Using the rotary encoder navigate to Settings, single click, then navigate to Decoy Password. This setting controls behaviour whereby the PasswordPump is factory reset when you enter your password followed by the uppercase characters FR when logging into the PasswordPump. This is useful if someone is forcing you to authenticate to the PasswordPump and you want to immediately Factory Reset the device. Remember that if you enter the decoy password you will lose all of the credentials stored on the primary and secondary EEprom chips installed on the PasswordPump.

RGB LED Intensity

You can control the intensity of the RGB LED by navigating to Settings and selecting RGB LED Intensity. Select High, Medium, Low, or Off using the rotary encoder. Long click to save your setting.

Automatic PasswordPump Logout

To control the duration of PasswordPump inactivity time after which you will be automatically logged out of the PasswordPump, navigate to Settings, then to Timeout minutes, and set your inactivity time to 30, 60, 90, 120, 240, 1 or Never. Note that the inactivity timer on the PasswordPump does not lock your computer screen (although a sound security practice is to set a timeout on your computer for your computer, as well).

Login Attempts

To set the number of failed login attempts allowed before a factory reset of the PasswordPump is performed, navigate to Settings and Login Attempts. You can select 3, 5, 10, or 25 failed login attempts.

Backing Up to EEprom

On the Password Pump navigate to Backup/Restore, then to Backup EEprom using the rotary encoder. Short click, then confirm that you want to copy credentials and settings from the primary EEprom to the secondary EEprom by selecting Y with the rotary encoder and short clicking. The RGB will be yellow while the backup is taking place, and then change back to green. It should only take about two seconds to complete this operation.

Restore a Backup from EEprom

If you decide that you want to restore the EEprom backup (or, in other words, have the contents of the secondary, backup EEprom overwrite the contents of the primary EEprom), then navigate to Backup/Restore, then to Restore Backup, on the PasswordPump. Short click and confirm the operation by selecting Y with the rotary encoder and short clicking. The RGB led will turn yellow until the operation is complete, then it changes back to green. The master password remains the same. This operation completes in about two seconds.

Rename Groups

Using the Rename Groups option it’s possible to customize the names of the groups. By default those names are Favorites, Work, Personal, Home, School, Financial, Mail, and Health. You can change any and all of these names to suit your needs. The group names cannot exceed 10 characters.

Change Master Password

If you want to change your master password note that you can achieve this via the PasswordPumpGUI or via the rotary encoder on the PasswordPump. If you want to change the master password via the rotary encoder, navigate to Settings and Change Master Psswrd. Single click, and then carefully enter the master password via the rotary encoder. When you’re done, long click and wait for the process to finish. The RGB LED will be yellow while the credentials are being backed up to the secondary EEprom (for about two seconds), and then quickly flash yellow while it’s re-encrypting all of your credentials and copying them back to the primary EEprom (for about 5 seconds). Check all of your credentials after changing the master password. If you are not happy with the results you can restore the backup from EEprom (see above) and reinstate the former master password. If you are happy with the results, back up to EEprom. If for whatever reason you cannot remember your new master password just after changing it, swap the positions of the EEprom chips on the PasswordPump device and login with the old master password.

Performing a Factory Reset

You want to wipe out all of the encrypted credentials on the primary and backup EEprom and factory reset the device. On the PasswordPump navigate all the way down to Reset using the rotary encoder. Short click. Confirm that you want to factory reset the device and clear all of the credentials and the master password from both EEprom chips by selecting Y with the rotary encoder and short clicking. The RGB will flash blue and red slow and then fast while the device is factory resetting, then change to blue. At this point you can enter a new master password. Note that a Factory Reset also wipes out the credentials stored on the backup EEprom.


Groups allow you to assign groups to credentials so that you can find them faster when you’re trying to send them. The default groups are Favorites, Work, Personal, Home, School, Financial, Mail and Health. These group names, except for Favorites, are configurable. You’ll notice that the default credential search on the main menu is Find Favorites. After that you encounter Find All Accounts, and then Find By Group.

“Lefty” Rotary Encoders

You might notice (especially if you’ve sourced the parts yourself), that after you’ve built your PasswordPump and burned the firmware, that the rotary encoder isn’t behaving as expected, that is, when you rotate it clockwise it proceeds backwards through the alphabet and through the numbers instead of forwards through the alphabet. The PasswordPump functions perfectly fine like this but you may wish to straighten it out. To fix this you merely need to navigate to Settings->Encoder Type and change it from ‘Normal’ to ‘Lefty’; and don’t worry, the setting is remembered if you power cycle the device. If you factory reset the device you’ll need to change the Encoder Type to Lefty again.


Setting Up PasswordPumpGUI

This is what the PasswordPumpGUI looks like:

Download Python 3.8 for your computer’s operating system from here: After installing Python 3.8, use pip to install the tendo, PyCmdMessenger and powned packages:

pip install tendo

pip install PyCmdMessenger

pip install powned

You may need to install Tkinter:

sudo apt-get install python3-tk

Now you can download from this location: Save the file to your desktop. Then create PasswordPumpGUI.bat and save that to your desktop as well. Here are it’s contents (assuming you’re on Windows and you installed Python 3.8 to C:\python3)::

c:\python3\python c:\yourUsername\desktop\

Substitute c:\python3 from above with the location where you installed Python 3.8, and substitute yourUsername with your username. Now place your PasswordPump into Edit with Computer mode and you should be able to double click on PasswordPumpGUI.bat from your desktop to launch the PasswordPumpGUI python program. Open the correct port and you’ll be able to edit credentials from the GUI.


Importing and Exporting Files with PasswordPumpGUI

One of the best features of the PasswordPumpGUI is that it allows you to import a couple of file formats and export to what I call the PasswordPump format. All of these formats are .csv files, or files full of comma separated values.

PasswordPump Format

The PasswordPump format looks like this:

accountname, username, password, oldpassword, url, style, group

For example:

"_Active Directory", "YOURDOMAIN\yourname", "yourpassword", "yourlastpassword", "", "1", 75



If you import from a file that’s in PassworPump format individual credential sets will need to be in the format specified above. And when you export to the PasswordPump format, which is recommended for keeping backups, it will produce a file in the format above, including the header row..

KeePass Format

The PasswordPumpGUI will also allow you to point it at files in a KeePass .csv format and move those credentials into the PasswordPump. That format is as follows:

Account, Login Name, Password, Web Site

“Yahoo Mail”, “myYahooName”, “q9jc34j043”, “”

Remove the heading row if it exists before you import the file, otherwise you’ll end up with an extra account entitled “Account” that you’ll want to delete.

Chrome Format

The PasswordPumpGUI will also allow you to point it at files in Chrome .csv format and move those credentials into the PasswordPump device. The expected format is as follows:

name, url, username, password


Remove the heading row if it exists before you import the file, otherwise you’ll end up with an extra account entitled “name” that you’ll want to delete.


PasswordPump Tips & Tricks

  • Do not make a habit out of unplugging the device from it’s micro-B USB port. Instead unplug the end of the cord that plugs directly into the computer (USB A), and leave the device plugged into the cord. This reduces the wear and tear on the device’s micro USB port and will extend the life of the unit. I have seen similar micro-B USB ports fail, especially on the cheap Chinese made ATMega 32u4 boards that were sometimes used for version one of the PasswordPump. I am now recommending against the use of the magnetic USB cables, I have observed some weird behavior on Windows, Ubuntu and Raspbien when using them, specifically, the “Unable to recognize USB device” error.

  • After you create a KeePass or a Chrome export file, and before importing into the PasswordPump, edit the .csv file and make sure that none of the accounts have embedded commas (,), pipes (|), tildes (~), or slashes(/ or \). These characters tend to create problems and I am working on solutions. After removing the problematic characters save the .csv file before importing. You may need to change some of your existing passwords if they contain the problematic characters..

  • If you have many accounts, associate the accounts you use the most with the Favorites group. Of these favorite accounts, name the accounts you use the very most with an _ (underscore) first so that they will sort to the top of the Favorites list. I use this technique to identify my MS Active Directory credentials, which I have to supply in many places. That account is named _Active Directory, so it always sorts to the very top. After I login to the device I can short click three times and my _Active Directory password is typed into the computer via the PasswordPump. Using this technique my most frequently used password is always a few clicks away. Even after I have sent a different password, I can quickly send the ‘default’ password with three long clicks followed by three short clicks. Just be sure your input focus is on the password field when you do this.

  • A master password should be something that you can enter reasonably quickly using the rotary encoder, so if you’re going to use a word think of one that’s made up of characters from the beginning of the alphabet. For example; cabbages or Abacus. There are many other examples. You want a word or a combination of words and numbers that are not tedious to enter via the encoder. So I typically select a word that I can enter quickly followed by a four digit number. Of course you can enter anything you like, as long as it doesn’t exceed 15 characters. Even a four digit pin might be secure enough for you.

  • Remember to Backup to EEprom after changing attributes of existing credentials or after adding new credentials. I usually confirm that I can navigate through all existing accounts forwards and backwards before executing a Backup to EEprom operation, just to be sure the linked list that contains all of the credentials isn’t corrupt. I haven’t seen this problem for a long time, however.

  • Before changing the master password make sure that you have a fresh backup in PasswordPump CSV format on hand (and hopefully encrypted). Immediately after performing a Change Master Password operation, confirm that you can navigate through all the accounts forwards and backwards, then perform a Backup to EEprom operation. If for some reason your credentials look corrupted after a Change Master Password operation (and before you backup), Restore EEprom Backup will restore your credentials to the primary EEprom with the original master password. You can also import the latest PasswordPump formatted CSV file via the PasswordPumpGUI after a Factory Reset, if necessary.

  • Before removing the EEprom chip(s) from the device, power it off by unplugging it from your computer.

  • Instead of executing a Restore EEprom Backup operation you can carefully swap the positions of the EEprom chips instead, and then Backup EEprom.

  • Maintain a third EEprom backup and secure it in a safe place. You can purchase extra 25LC512-I/P DIP8 chips on AliExpress, Amazon or Ebay. If your data are corrupted and you cannot Restore EEprm Backup, you can insert this backup into the primary EEprom position (the top chip). Don’t forget to perform a Backup EEprom operation twice; once to create a new offline backup and once to create a new online backup, for safety.

  • EEprom chips can be moved to another PasswordPump device and will continue to function without modification. The master password moves with the EEprom chip. The hashed master password and salt are stored in the external EEprom chips.

  • Always be careful about inserting the EEprom chips in the correct direction, with the dimples closest to the display. I've made the mistake of putting one in backwards and they heat up. I didn't do permanent damage to the PasswordPump or the EEprom chip, but your experience could be different.

  • Use the PasswordPumpGUI to create a PasswordPump formatted .csv file. Encrypt this file and/or store it on an encrypted thumb drive, and store the thumb drive in a safe or safe deposit box (perhaps alongside your EEprom backup). If your PasswordPump’s data becomes corrupted you can perform a Factory Reset operation and then Import Password Pump file via the PasswordPumpGUI. If you are diligent about backing up your credentials in this manner (and in the manner described in the previous bullet) you can use the PasswordPump as your system of record for all of your credentials.

  • If the Old Password field is empty, it’s automatically populated with the existing password when the Generate password button is clicked in the PasswordPumpGUI or directly via the device. If the field is not empty, clicking on the Generate password button will not move the existing password to the Old Password field, but it will overwrite the existing password with the generated password. If the Old Password field is populated and you want the existing password to move to the Old Password field after clicking the Generate button (which would be the typical use case), then blank out the Old Password and move input focus off of that field (so that the change is saved to the device) before clicking on Generate. The Old Password field is intended to protect the user from the situation whereby a password change is being made, the Generate button is selected to generate a new password, but the application or website for which you’re changing the password does not accept the newly generated password for any reason and you have therefore lost the currently active password. By proper use of the Old Password field, in this situation, you have not lost the currently active password, it is in the Old Password field, and you can still use it to continue trying to reset the password. If you have feedback concerning the way this works, let me know.

  • Use of the PasswordPumpGUI currently requires the installation of Python 3.8. At some point in the future an .exe will be created so that this requirement can be removed.

  • By design it’s possible to remove and replace the 25LC512 EEprom chips. For example, if you Backup/Restore->Backup EEprom, you can then remove the lower EEprom chip, which is the secondary/backup EEprom (the one closest to the RGB LED), and put it aside for safe keeping. You’d then want to use a third EEprom in its place, reinserting it into the device with the correct orientation, i.e. with the small dimple on the chip closest to the screen. Be careful when removing and inserting these chips, the legs are delicate and easily bent. The best way to pull the chips out is with a chip puller. Make sure the device is powered off whenever you’re inserting or removing one of these chips. Finally, after replacing the secondary/backup EEprom with a new 25LC256, execute Backup/Restore->Backup one more time to populate the newly inserted EEprom chip with all of the encrypted credentials.

  • You've forgotten your master password and you want to reset the device (hopefully because you're going to import your credentials from a PasswordPump backup file), but you can't because you obviously can't login to the device. Do you remember what your setting is for failed Login Attempts? The default is 10. Try to login to the PasswordPump that many times and the device will automatically factory reset! Set the new master password after the factory reset, and now you can import your PasswordPump backup file via the PasswordPumpGUI.

  • While an 8 character password using only lowercase equals 26^8 combinations and will crack in less than 2 minutes via a brute force attack, a 10-character passphrase with uppercase, lowercase, numbers, and symbols is 94^10 combinations and will take approximately 600 years to crack, according to Random-ize, “How Long Would It Take to Hack My Password”, My master password would take 589 years to crack (with a computer, not a rotary encoder, and without the retry maximum that resets the device!). My AD password would take 3,718,234,074,674,426,000 years to crack via brute force attack. I think that’s 3.7 quintillion. The sun will burn out in 5 billion years. Naturally, none of this will do you any good if you re-use your passwords. And yes, the advent of quantum computing will change these numbers significantly.

  • Source code is located here:

  • Send any issues and suggestions to


RGB Colors and Meanings

Color Meaning

Green Logged in/Logged in

Orange Backing up EEprom memory

Alternating Blue and Red Initializing EEprom or auto logout pending

Purple Sending creds, backing up to EEprom, editing with

computer via PasswordPumpGUI.

Red Error backing up or initializing EEprom, or failed

login attempt(s).

Yellow Error backing up or initializing EEprom

Yellow fast flash Changing master password

Constantly changing Not logged in


Error Codes

These error codes are observed on the PasswordPump device, typically on the third line, when something goes wrong. The screen will invert to get your attention and the error will show for at least two seconds. If you see any of these codes you should report the incident to me at

000 - SSD1306 allocation failed (only visible via serial)

001 - Error navigating Off On menu

002 - Error navigating main menu

003 - Error navigating edit credentials menu

004 - Error navigating send credentials menu

005 - Error navigating settings menu

006 - Error showing credential values

007 - Unrecognized event

008 - Invalid state when showing Off On menu

009 - Invalid login attempt maximum

010 - Out of space

011 - Corruption found

012 - Out of space during import

013 - Failed to open file for import

014 - Failed to mount FAT file system during import

015 - Failed to initialize flash during import

016 - Invalid RGB LED Intensity position

017 - Invalid maximum login attempt count

018 - Invalid logout timeout value

019 - Invalid keyboard, show password or decoy password value

020 - Account name keeps encrypting to 255 in first char during import

021 - User name is too long on import

022 - Password is too long on import

023 - Web site is too long on import

024 - Account name is too long on import

025 - Invalid group specified

026 - Invalid search group specified

027 - Invalid group menu item specified

028 - Invalid state during event single click

029 - Invalid state encountered during rotate counter clockwise event

030 - Invalid state encountered during rotate clockwise event

031 - Empty credentials found in linked list

032 - Corrupt linked list

033 - Corrupt linked list in FindAccountPos.

034 - Failed to initialize flash during PasswordPump CSV file import

035 - Group length is greater than one

036 - Too many fields found in PasswordPump CSV file during import

037 - Failed to open PasswordPump CSV file for import

038 - Invalid position in file menu

039 - Encrypted account name starts with 255, fixing...

040 - Invalid position when returning to a find by group menu

041 - Corrupt link list encountered while counting accounts

042 - Invalid position when returning to settings menu

043 - Invalid group number when customizing groups

044 - Invalid category number when customizing groups from PasswordPumpGUI

045 - Invalid keyboard language specified

046 - Invalid encoder type specified



If you're interested in hacking around with the PasswordPump v2.0 the locations for some of the datasheets might be helpful:

AdaFruit ItsyBitsy (32-bit ARM®, SAMD51 Cortex®-M4F MCU)

Data Sheet:

MICROCHIP - 25LC512-I/P - 512K SPI™ Bus Serial EEPROM DIP8, one primary one backup.

Data Sheet:

SSD1306 I2C LED display 128x32 pixels.

Data Sheet:


Why PasswordPump?

Why should I use the PasswordPump instead of a more traditional password manager? There are several interesting discussions in the links provided below. For me it boils down to speed and security. With practice I'm able to quickly locate the credentials for any account to which I need to login, and I have many of them. I feel more secure knowing that my credentials are encrypted and stored in only one place; on a device I can hold in my hand and store in my safe. Someone who wants access to my credentials needs to take possession of the device and needs to crack the encryption. That requires a very high level of motivation.

Why you shouldn’t store passwords in your browser

Most web browsers offer to store your passwords for you. This might seem like an ideal way to keep track of your passwords – but it’s actually a bad idea. Here are some reasons why:

  • The password security on browsers isn’t that great – even if you are using a secure browser. Sometimes, these passwords are stored in plain text. There are also tools available online that can give hackers access to your computer (either physically or remote access schemes) and view/steal passwords stored in the browser.

  • Most browsers will only record the username and password you enter into a web page. They won’t help you generate a password, or tell you if the password is strong, or remind you that you already used this same password on 10 other pages.


How safe are password managers? Good discussion:

More password discussion:


Known Defects

It would be disingenuous, and irresponsible, for me to tout the benefits of the PasswordPump without disclosing it's problems, too. Here's a list of the defects I know about. If you encounter something else that looks like a problem please let me know.

  1. In the PasswordPumpGUI, if an account name contains a comma, and you visit the field, after exiting the PasswordPumpGUI and reloading all of the accounts, the comma has changed into a hashtag and all of the remaining fields are blank. You need to change the account name by adding a new account (minus the comma) and deleting the existing account.

  2. It is possible to enter a duplicate account via the PasswordPump device or via a combination of the PasswordPump and the PasswordPumpGUI. This is a problem because of #3, next.

  3. When deleting duplicate accounts (duplicate account names) corruption is introduced and you need to restore from the backup EEprom.

  4. Embedded quotes in a CSV import file are not getting saved to the field. I'm working on this one but for now try to remove embedded quotes from the fields.

  5. When you import credentials with <CR><LF> in the account name bad things happen. I'm not remembering how I learned of this problem but please avoid it by refraining from importing credentials with embedded carriage return/line feed characters.

  6. When entering an account name 29 chars long via keyboard, nothing gets entered. I am working on this problem.

  7. Found 5/10/2020, fixed in 2.0.4: Via PasswordPumpGUI Insert, then <Alt><Tab> to another application. Upon returning to PasswordPumpGUI the Account Name is "Unknown". Set focus to another account, the PasswordPump and PasswordPumpGUI freeze. Close the PasswordPumpGUI window and long click on the PasswordPump. Now there is only one account in the PasswordPump. Restore from secondary EEprom.

  8. If you select Keyboard Language more than once the device freezes. To workaround this you need to press the reset button, login to the device, and navigate to Settings->Keyboard Language to confirm if the correct keyboard language is