PasswordPump v2.0!
Updated: Dec 15, 2020
As promised, this is v2.0 of the PasswordPump, a USB device that manages credentials for up to 250 accounts. Credentials (account names, usernames, passwords, an old password, and categories) are stored ONLY on the device itself, on two removable EEprom chips using military grade encryption (AES-256). They are not stored in the cloud or in a file on your computer where they are more exposed to hackers. Credentials are backed up on the device itself; i.e. encrypted credentials are moved from the primary EEprom chip to the backup EEprom on demand. You may remove the EEprom chips from the device (perhaps to keep a third or fourth backup). Credentials are entered either via the rotary encoder (on the left) or via keyboard, via a serial terminal, or, ideally, via a Python based program (PasswordPumpGUI) expressly written for that purpose. The device itself is approximately 1 1/8 x 2 3/4 inches, or 27 x 75 millimetres. Currently it's not housed inside of a case, but it should be and will be once design of the case is complete. A preliminary case design is available here.
You may continue to read more about the PasswordPump v2.0 here, however the most up-to-date source of information about the device resides here.
Custom PCB
The custom PCB for this project was manufactured by my sponsor PCBWay. They did a great job working with me to insure that the PCB was manufactured correctly and to my specifications. Prices are reasonable, turnaround time is excellent, and the customer service is exceptional.
PasswordPump Features
Stores up to 250 sets of credentials.
Authenticates with a 15 character master password.
Search for accounts.
Data entry via rotary encoder or keyboard and serial monitor, or via client Python GUI running in Windows, Ubuntu, or MacOS.
Sends a username and password to a computer as if typed in via the keyboard. Can also send URL, old password and account name.
Add account name, username, password (generated or not), URL, old password
Accounts are added in alphabetical order.
Delete an account.
Edit existing username, password, URL, style (inter-username/password character, <Return> or <Tab>), old password, credential groups.
Generate 31 character random passwords from the PasswordPump or via the client GUI.
Automatically saves the old password if it’s not already populated when you generate a password.
Backup all accounts to a second encrypted external EEprom.
Logout / de-authenticate via the menu, automatically locks the computer.
Configurable password display on or off.
Configurable failed login count factory reset (3, 5, 10 or 25).
Configurable automatic logout after count of minutes (30, 60, 90, 120, 240, 1 or Never).
Configurable RGB LED intensity (high, medium, low or off).
All account names, usernames, passwords and URLs are encrypted w/ AES-256.
Master password is hashed w/ SHA-256.
All encrypted credentials fields and the hashed master password are salted.
The device is not vulnerable to standard password attacks. See disclaimers.
The master password can be changed.
Export to PasswordPump formatted CSV file.
Import from PasswordPump formatted CSV file.
Import credentials from Chrome export.
Import credentials from KeePass export.
Associate credentials with custom groups for better organization; search by group (defaults are Favorites, Work, Personal, Home, School, Financial, Mail or Health).
Decoy password feature that automatically factory resets the device if entered (e.g. while the user is under duress).
Pre-auto-logout indicator/countdown via red and blue flashing RGB LED.
Factory reset via menu (when authenticated) wipes out all credentials.
How PasswordPump v2 Differs from PasswordPump v1
There are many important difference between the two versions of the PasswordPump. Version 2.0 is built with the ItsyBitsy M4, a 32 bit SAMD51 Cortex®-M4F MCU, which runs at 120MHz, has 512KB flash, 192KB RAM, and 2MB QSP flash (unused). It has 17 digital pins and 8 analog pins and runs at 3.3v. This difference in RAM has allowed me to add many features with version 2.0. I was totally out of RAM on the ATMega 32u4 that version 1.o was built with. New features include the following:
A better Python 3 based GUI for editing credentials
Storage of URLs (96 characters) and an old password (32 characters) for each set of credentials
Seven credential groups that allow you to organize your sets of credentials into custom defined categories, and one additional category for Favorites
Generation of 31 character random passwords
AES-256 encryption of credentials
Locks the computer when you logout of the PasswordPump
Configurable failed login count factory reset (3, 5, 10 or 25)
Configurable automatic logout after count of minutes (30, 60, 90, 120, 240, 1 or Never)
Configurable RGB LED intensity (high, medium, low or off)
The master password can be changed.
Export to PasswordPump formatted CSV file.
Import from PasswordPump formatted CSV file.
Import credentials from Chrome export.
Import credentials from KeePass export.
Search by Group.
Pre-auto-logout indicator/countdown via red and blue flashing RGB LED.
Several different international keyboards are supported (re-compilation may be necessary)
From the python GUI (PasswordPumpGUI) the user can check to see if a password has been discovered in any data breaches.
From the python GUI password complexity is checked (but not enforced).
Video Demonstration
Burning Firmware From the BOSSA GUI
You can download BOSSA from here: https://github.com/seawarrior181/PasswordPump_II or here https://github.com/shumatech/BOSSA/releases and install it on your MS Windows or Apple Mac OS X computer in the usual fashion. Obtain the latest version of the PasswordPump (2.0.6) bin file for M0 here, or for M4 here, and download it to C:\Temp\PasswordPump_v_2_0.ino.bin. Double click on the reset button on the PasswordPump so that the RGB LED slowly dims and brightens in blue before burning the firmware. After starting up the BOSSA user interface, to burn the firmware, use all of the defaults except specify a flash offset of 0x2000 for the ItsyBitsy M0 or 0x4000 for the ItsyBitsy M4. Be extremely careful with the offset, if you get it wrong you will brick the microcontroller. Specify the file location based on the directory to which you downloaded the .bin file (e.g. C:\Temp\PasswordPump_v_2_0.ino.bin). Select the correct port. Click on the Refresh button in the BOSSA GUI to refresh the list of ports if you don’t see the correct port listed. You might also use the Device Manager to confirm that you have the correct port selected. After selecting the correct port you’ll see ATSAMD21x18 next to Device: in the bottom right of the BOSSA GUI if you have plugged in an M0, in which case you will want to specify an offset of 0x2000 (this is most common). If you see ATSAMD51x19 then you have an M4 and will want to specify an offset of 0x4000 (this is rare). Click Write to write the firmware to the device, then click Verify to verify that it was written correctly. Finally click the reset button on the PasswordPump once to start using it.
At this time it’s also important to download the latest version of the PasswordPumpGUI, the Python user interface.
If you live inside the USA and you would like me to flash the latest version of the PasswordPump onto the device, you may ship your PasswordPump to me. Before shipping it be certain to remove both of the 25LC512 EEprom chips from the unit because that's where your (encrypted) credentials are stored. I don't need the EEprom chips to flash the device. Also please use a lot of bubble wrap when you ship it because in the past they have been damaged during shipping. Get in touch with me via email and I'll send you my shipping address. If you inadvertently brick your PasswordPump I can also fix it for you. There are instructions in the User's Manual for un-bricking the PasswordPump, but it's complicated and requires special equipment. dan-murphy@comcast.net.
Bill of Materials & Variable Costs
1 AdaFruit ItsyBitsy (32-bit ARM®, SAMD51 Cortex®-M4F MCU)* $14.95 (M0 is $11.95)
2 MICROCHIP - 25LC512-I/P - 512K SPI™ Bus Serial EEPROM DIP8 3.30
1 SSD1306 I2C LED display 128x32 pixels. 1.65
1 micro USB to USB cable 100cm 1.23
1 Custom PCB 1.00
1 Rotary Encoder 0.46
1 plastic knob for rotary encoder 0.58
2 IC DIP Sockets, 8 pins each 0.10
1 RGB LED diffused 5mm 0.03
3 220ohm resistors 0.01
2 4.7kohm resistors 0.01
Shipping Envelope 0.26
Solder ~0.10
----------
Total Parts $23.58
==========
Shipping to UK from USA $14.50
Shipping to any location inside the USA $10.00
+ Labor for assembly
Assembly time, including kitting and burning firmware, 45 minutes.
Read this Before Purchasing
If, after reading through this blog you decide that you want a PasswordPump v2.0 of your own, you have three options. You can build your own device from scratch using the PCB design files I've published up on GitHub, along with the source code. You can visit Tindie.com and buy a kit from me that includes the custom PCB and solder it up yourself. Finally, you can also purchase a fully assembled PasswordPump from me on Tindie. Before you purchase a PasswordPump (a kit or fully assembled) it’s best to make sure that you can set up and successfully run the PasswordPumpGUI, that’s the Python based user interface that can be used to edit the credentials stored on the PasswordPump device. Go to the Setting Up PasswordPump GUI section of this blog or the Users' Manual, follow the instructions, and confirm that you can run the user interface before you spend money on a PasswordPump. Naturally you won’t be able to connect to the PasswordPump device over USB, but you’ll at least know that you can run the user interface. It is possible to exercise all features of the PasswordPump (with the exception of importing and exporting files) without the use of the PasswordPumpGUI, however life is much easier with the GUI working. Entering large numbers of credentials via the rotary encoder of via the serial terminal is tedious and error prone at best.
I have been using the PasswordPump for over a year now. It saves me a lot of time and aggravation and I feel way more secure about how I’m managing my many accounts; especially my financial accounts. I have 140 accounts loaded on mine and almost every account in the device has a random 31 character password that I don’t even know. Some folks say that if you know what all your passwords are, you’re doing it wrong. The only passwords that I do know are the passwords to my Windows active directory account at work (just in case), the master password for the PasswordPump, and the password for the encrypted thumb drive on which I store my PasswordPump backups and other files and documents that are important to me. Oh, and I know my ATM PIN.
I used to use the same password almost everywhere, or some variation of it. This is an extremely common and dangerous practice, because if hackers compromise the credentials for one of your accounts, you can bet that they will try to login to hundreds of other services using the same credentials. This is called password replay or credential stuffing. Next to phishing this is the most common method by which account security is compromised. I also keep the secondary EEprom device on the PasswordPump backed up, occasionally backup to a third EEprom device, and I religiously backup all of my credentials to a PasswordPump csv file, which I encrypt, and, in turn, store on an encrypted flash drive which, in turn, I store in a safe. This practice is important, because if the PasswordPump fails you don’t want to lose access to your accounts! I have worked hard to eliminate defects from the device but it’s not perfect yet and it probably never will be. There are always defects in software, and the defects I’m aware of and working on are enumerated here. But it’s likely there are more among the 7,800+ lines of code I’ve written for the project. Finally, I want you to be happy with the PasswordPump; so if you’re not, let me know, see my contact information at the bottom of this blog post.
Warning About the Micro USB Connection
I've learned that the micro USB connection on the ItsyBitsy M4 board is somewhat fragile. I've learned that if I keep plugging and unplugging the cable on the micro USB side of the connection into / from the ItsyBitsy M4 or M0 board, it eventually breaks. This is a bummer because if it happens you'll need to move your EEprom chips to a new PasswordPump. If you're sourcing and building your own device, you might consider getting enough material for a couple of PasswordPumps. To help with this issue you should leave the USB cable plugged in to the PasswordPump at all times, and instead plug / unplug the other end with the computer, and leave the cable mated to the PasswordPump so that you don't wear out and break the micro USB connector. Even with this strategy it's possible to torque the connector and hose your PasswordPump, so be careful! I am now recommending against the use of the magnetic USB cables, I have observed some weird behavior on Windows, Ubuntu and Raspbien when using them, specifically, the “Unable to recognize USB device” error.
Existing Projects/Products
Is there something on the market already that you can buy that accomplishes the same objective as the PasswordPump? I think the commercial product that most closely matches with the feature set of the PasswordPump is the Mooltipass Mini Offline Password Keeper; $79.00 before shipping costs at the time of this writing. Mooltipass is different in some significant ways and seems like a nice, mature, open source product that is built on the ATMega32u4. It was not the inspiration for this project, however. The inspiration for this project was the Automated Password Typer, a project on Hackster.io. Credentials are hard coded into the Automated Password Typer, however, and there's no way to add new, remove old, or edit existing credentials (aside from modifying the source code, recompiling and re-flashing). I set out one weekend to expand on the idea presented in that project, and, 8,000 lines of code later, landed here with the PasswordPump v2.0.
Menu Navigation on the PasswordPump
You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a half second (long click).
Master Password (only accessed during login)
Find Favorite
[same as under Find All Accounts]
Find All Accounts
[scroll through accounts list]
Send Password <RET>
Send User & Pass
Send URL
Send User Name
Send Pass (no <RET>)
Send Account
Edit Credentials
Edit Account Name
Edit User Name
Edit Password
Edit URL
Indicate Style
Assign Groups
Favorites
Work
Personal
Home
School
Financial
Health
GeneratePassword
Save to Old Password
Delete Credentials [confirm]
Send Old Password
Find By Group
Favorites
[same as under Find All Accounts]
Work
[same as under Find All Accounts]
Personal
[same as under Find All Accounts]
Home
[same as under Find All Accounts]
School
[same as under Find All Accounts]
Financial
[same as under Find All Accounts]
[same as under Find All Accounts]
Health
[same as under Find All Accounts]
Add Account
Account Name
Edit Password
Indicate Style
GeneratePasswrd
Logout & Lock
Backup/Restore
Backup EEprom [confirm]
Restore EEprm Backup [confirm]
Settings
Show Password ON/OFF
Decoy Password ON/OFF
RGB LED Intensity
High
Medium
Low
Off
Timeout Minutes
30
60
90
120
240
Never
1
Login Attempts
3
5
10
25
Rename Groups
Edit Group 1
Edit Group 2
Edit Group 3
Edit Group 4
Edit Group 5
Edit Group 6
Edit Group 7
Change Master Psswrd
Keyboard Language
Czech
Danish
Finnish
French
German
Norwegian
Spanish
Swedish
United Kingdom
United States
Encoder Type
Normal
Lefty
Font
Arial14
Arial_bold_14
Callibri10
TImesNewRoman13
Adafruit5x7
font5x7
lcd5x7
Stang5x7
System5x7
Orientation
Lefty
Righty
Keyboard ON/OFF
Gened Password Size
8
10
16
24
31
Fix Corruption
Factory Reset [confirm]
Operation of the PasswordPump via Rotary Encoder
To turn the device on you simply plug it into a USB port/receptacle using a USB Micro-B plug to USB-A plug cable, the same cable that you'd use to charge an Android phone. The first time you plug it in a driver might need to be installed. The driver is available for download in the source code repository here: https://github.com/seawarrior181/PasswordPump_II. If the device was shipped to you, assembled or as a kit, it arrives already flashed with the PasswordPump program.
The first time you power the device on you'll see something like:
PasswordPump v2.0.4
July 24 2020
(c)2020 Dan Murphy
At this point you'll want to enter your master password. Try to select a password that can be more quickly entered into the device. It should be a combination of upper and lower case, with numbers and maybe a symbol or two. I like to pick a password that can be typed almost entirely with my left hand, I find they are easier to input via the rotary encoder. You should select a strong password; a combination of letters, upper and lower case, numbers, and special characters, between 7 and 15 characters long. To enter a character turn the rotary encoder until the character appears and then press the rotary encoder button (short click) to select the character. There's presently no way to back up if you make a mistake so be careful. Once the entire master password has been entered long click the device (click down the rotary encoder for more than 1/2 of a second). You've just entered the master password and now you're ready to enter a set of credentials. Don’t forget your master password, it’s the only way to recover your encrypted credentials short of cracking SHA-256 or AES-256.
You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a 1/2 of a second (long click).
Note: The following instructions describe the easiest way to enter credentials if you don’t have access to the PasswordPumpGUI or if it’s not working correctly. The easiest way to enter credentials is via the PasswordPumpGUI, and it’s fairly self-explanatory, so use that method if possible.
Adding Credentials via Keyboard
You can add credentials via the PasswordPump by entering them directly with the rotary encoder or by using a keyboard in combination with a serial terminal. To add a set of credentials via the keyboard you need to open a serial terminal. The one that works best for me is the Arduino serial terminal. So if you open the Arduino IDE go to Tools->Ports and select the Adafruit ItsyBitsy M4 (SAMD51) port. Then select Tools->Serial Monitor (or Ctrl+Shift+M). Next, on your PasswordPump navigate down to Keyboard OFF and change it to Keyboard ON with a short click. Navigate back up to Add Account and short click. You'll see:
Edit Credentials
Edit Account Name
Short click, and you will see
Account Name
Edit Account
Switch back to the Arduino Serial Terminal and enter the account name, followed by the return key. Then long click on the Password Pump. You should now see:
Edit User Name
[the account name you entered]
Short click again, switch back to the Arduino Serial Terminal and enter the username, followed by the return key. Then long click on the Password Pump. You should now see:
Edit Password
[the account name you entered]
Short click again, switch back to the Arduino Serial Terminal and enter the password, followed by the return key. Then long click on the Password Pump. You should now see:
Indicate Style
[the account name you entered]
Short click again and use the rotary encoder or the keyboard and serial terminal to specify either 0 or 1. Specify 0 if, while supplying username and password, the Password Pump should send a carriage return after sending the username and before sending the password. Specify 1 if, while supplying username and password, the Password Pump should send a tab after sending the username and before sending the password. Then long click on the PasswordPump. You should now see:
Account Name
[the account name you entered]
Long click again and you'll see:
Find Account
[the account name you entered]
You've finished entering the credentials.
Note that you can also enter credentials using just the rotary encoder. Keyboard can be ON or OFF, it doesn't matter. Simply enter the credentials using the rotary encoder in a fashion similar to how you entered the master password.
Sending Credentials
Navigate to Find All Accounts and short click. Use the rotary encoder to scroll through the list of credentials you've entered. When you've found the account name associated with the credentials you want to send to your computer, place the input focus in the username text box in the window prompting you for credentials on your computer. On the Password Pump you should see:
Send Password <RET>
[the account name you selected]
Scroll down one menu item with the rotary encoder and you’ll see:
Send User & Password
[the account name you selected]
Short click to send the user name, a carriage return or a tab character (depending on the style setting), and then the password. If you selected the correct style you should now be logged in to your account / application.
If you only want to send the password to the computer, followed by a carriage return, scroll back up once using the rotary encoder until you see:
Send Password <RET>
[the account name you entered]
And short click to send the password and the carriage return character.
Similarly you can send just the user name or just the account name or url.
Editing Credentials
To edit a set of existing credentials first decide if you're going to edit the credentials via the keyboard or just the rotary encoder. If you're going to edit the credentials via the keyboard follow the instructions in Toggling Keyboard Entry. Then use Find All Accounts to navigate to the account you want to edit and short click. Then scroll down to Edit Credentials and short click. Then scroll to the attribute you want to edit; Edit Account Name, Edit User Name, Edit Password, Edit URL, or Indicate Style. Now short click. Use the keyboard to re-enter the attribute in the fashion described in Adding Credentials, or just use the rotary encoder to re-enter the attribute. Then long click to save the change. If you are generating a new password for the account then follow the instructions in Generating a Password.
Deleting Credentials
Make sure you have a current EEprom backed up. Navigate to Find All Accounts and short click. Use the rotary encoder to select the account that you want to delete, and short click. Using the rotary encoder scroll down to Delete Credentials and short click. Confirm your desire to delete the account by selecting Y with the rotary encoder and short clicking. The account is gone now and it's wiped from the primary EEprom chip. It isn't wiped from the backup EEprom yet, so if you accidentally delete an account, and you have a recent backup, you can restore the backup and the account will reappear. Navigate to Find All Accounts and verify that your account is deleted. If you're not able to scroll through all of your accounts, an intermittently occurring defect has occurred and the linked list that manages the display of all of the accounts is corrupted. Restore the latest backup from EEprom. If you backup the EEprom immediately after deleting the account it is also wiped from the secondary EEprom.
Generating a Password
Read through all of these instructions before attempting to change your password to a new generated password. The most powerful feature of the PasswordPump is its ability to generate random 31 character passwords and remember them. These passwords are extremely difficult to guess and are not as vulnerable to brute force attempts to break into an account. Before performing this operation you should be sure that you have a current backup of all your credentials. When you generate the new password, the existing/old password will be moved to the Old Password attribute if it is empty. If Old Password is not empty it will not be overwritten. So you will probably want to blank out Old Password before generating the new password. To generate a password for an account simply find the account via Find All Accounts and select the credentials by short clicking on the account name. In your application on your computer navigate to the change password feature and place input focus in the Old Password text box. On the PasswordPump navigate to Send Password (NOT Send Password <RET>) and short click. In your application on your computer, place input focus in the new password text box (typically by hitting the <TAB> key). In the PasswordPump scroll down to Edit Credentials and short click, then scroll down to Generate Password and short click. This changes the password to a randomly generated series of 31 characters. Now long click once, navigate to Send Password (NOT Send Password <RET>) and short click. If you need to confirm the new password then place input focus on that text box in the application on your computer and short click again. Confirm your password change by hitting the return key or otherwise clicking on the appropriate button. You now have a random 31 character password on the account, and the only place where that password exists is on the encrypted EEprom chip on your PasswordPump. At this point it's a good idea to Backup to EEprom and Backup to a File, and to be sure that you can somehow recover from a lost password on that account. Warning: If the attempt to change your password fails because the existing/old password is not accepted be aware that you have just overwritten the old password with your new generated password. To access the old password you'll need to either use the Old Password attribute (assuming it was blank before you generated the new password), Restore a Backup from EEprom and try again, or go to the encrypted backup file on your thumb drive to get the current password for the account, or recover the password from the account using whatever mechanism is available to you via the application or web site. Think ahead and be careful so that you don't lock yourself out of your account!
Logging Out and Locking Your Computer
When you want to log out of the device navigate to Logout & Lock using the rotary encoder and short click. The RGB led changes from green to blue. You're now logged out of the PasswordPump and must enter the master password again in order to use the device. In addition to locking the PasswordPump, this also locks your computer so that you’ll need to re-authenticate to gain access to your computer. If you want to log out of the PasswordPump without locking the computer simply press the reset button on the bottom of the PasswordPump.
Toggling Keyboard Entry
Navigate to Settings, single click, and navigate to Keyboard. Short click to toggle the setting. When the keyboard is on you may enter credentials via the keyboard and serial terminal using the process described in Adding Credentials. Keep the keyboard set to OFF when you're not entering credentials via a serial terminal and the keyboard. This setting is saved when the PasswordPump is powered off.
Showing/Hiding Passwords
Using the rotary encoder navigate to Settings, single click, then navigate to Show Password. Short click to toggle the setting. This setting is saved when you log out and power down the device. This setting determines if passwords are shown or hidden on the PasswordPump. The setting for the PasswordPumpGUI is independent.
Decoy Password
Using the rotary encoder navigate to Settings, single click, then navigate to Decoy Password. This setting controls behaviour whereby the PasswordPump is factory reset when you enter your password followed by the uppercase characters FR when logging into the PasswordPump. This is useful if someone is forcing you to authenticate to the PasswordPump and you want to immediately Factory Reset the device. Remember that if you enter the decoy password you will lose all of the credentials stored on the primary and secondary EEprom chips installed on the PasswordPump.
RGB LED Intensity
You can control the intensity of the RGB LED by navigating to Settings and selecting RGB LED Intensity. Select High, Medium, Low, or Off using the rotary encoder. Long click to save your setting.
Automatic PasswordPump Logout
To control the duration of PasswordPump inactivity time after which you will be automatically logged out of the PasswordPump, navigate to Settings, then to Timeout minutes, and set your inactivity time to 30, 60, 90, 120, 240, 1 or Never. Note that the inactivity timer on the PasswordPump does not lock your computer screen (although a sound security practice is to set a timeout on your computer for your computer, as well).
Login Attempts
To set the number of failed login attempts allowed before a factory reset of the PasswordPump is performed, navigate to Settings and Login Attempts. You can select 3, 5, 10, or 25 failed login attempts.
Backing Up to EEprom
On the Password Pump navigate to Backup/Restore, then to Backup EEprom using the rotary encoder. Short click, then confirm that you want to copy credentials and settings from the primary EEprom to the secondary EEprom by selecting Y with the rotary encoder and short clicking. The RGB will be yellow while the backup is taking place, and then change back to green. It should only take about two seconds to complete this operation.
Restore a Backup from EEprom
If you decide that you want to restore the EEprom backup (or, in other words, have the contents of the secondary, backup EEprom overwrite the contents of the primary EEprom), then navigate to Backup/Restore, then to Restore Backup, on the PasswordPump. Short click and confirm the operation by selecting Y with the rotary encoder and short clicking. The RGB led will turn yellow until the operation is complete, then it changes back to green. The master password remains the same. This operation completes in about two seconds.
Rename Groups
Using the Rename Groups option it’s possible to customize the names of the groups. By default those names are Favorites, Work, Personal, Home, School, Financial, Mail, and Health. You can change any and all of these names to suit your needs. The group names cannot exceed 10 characters.
Change Master Password
If you want to change your master password note that you can achieve this via the PasswordPumpGUI or via the rotary encoder on the PasswordPump. If you want to change the master password via the rotary encoder, navigate to Settings and Change Master Psswrd. Single click, and then carefully enter the master password via the rotary encoder. When you’re done, long click and wait for the process to finish. The RGB LED will be yellow while the credentials are being backed up to the secondary EEprom (for about two seconds), and then quickly flash yellow while it’s re-encrypting all of your credentials and copying them back to the primary EEprom (for about 5 seconds). Check all of your credentials after changing the master password. If you are not happy with the results you can restore the backup from EEprom (see above) and reinstate the former master password. If you are happy with the results, back up to EEprom. If for whatever reason you cannot remember your new master password just after changing it, swap the positions of the EEprom chips on the PasswordPump device and login with the old master password.
Performing a Factory Reset
You want to wipe out all of the encrypted credentials on the primary and backup EEprom and factory reset the device. On the PasswordPump navigate all the way down to Reset using the rotary encoder. Short click. Confirm that you want to factory reset the device and clear all of the credentials and the master password from both EEprom chips by selecting Y with the rotary encoder and short clicking. The RGB will flash blue and red slow and then fast while the device is factory resetting, then change to blue. At this point you can enter a new master password. Note that a Factory Reset also wipes out the credentials stored on the backup EEprom.
Groups
Groups allow you to assign groups to credentials so that you can find them faster when you’re trying to send them. The default groups are Favorites, Work, Personal, Home, School, Financial, Mail and Health. These group names, except for Favorites, are configurable. You’ll notice that the default credential search on the main menu is Find Favorites. After that you encounter Find All Accounts, and then Find By Group.
“Lefty” Rotary Encoders
You might notice (especially if you’ve sourced the parts yourself), that after you’ve built your PasswordPump and burned the firmware, that the rotary encoder isn’t behaving as expected, that is, when you rotate it clockwise it proceeds backwards through the alphabet and through the numbers instead of forwards through the alphabet. The PasswordPump functions perfectly fine like this but you may wish to straighten it out. To fix this you merely need to navigate to Settings->Encoder Type and change it from ‘Normal’ to ‘Lefty’; and don’t worry, the setting is remembered if you power cycle the device. If you factory reset the device you’ll need to change the Encoder Type to Lefty again.
Setting Up PasswordPumpGUI
This is what the PasswordPumpGUI looks like: