
PasswordPump v2.0!

Updated: Dec 15, 2020





As promised, this is v2.0 of the PasswordPump, a USB device that manages credentials for up to 250 accounts. Credentials (account names, usernames, passwords, an old password, and categories) are stored ONLY on the device itself, on two removable EEprom chips, using military grade encryption (AES-256). They are not stored in the cloud or in a file on your computer, where they would be more exposed to hackers. Credentials are backed up on the device itself; i.e. encrypted credentials are moved from the primary EEprom chip to the backup EEprom on demand. You may remove the EEprom chips from the device (perhaps to keep a third or fourth backup). Credentials are entered either via the rotary encoder (on the left), via a keyboard and serial terminal, or, ideally, via a Python based program (PasswordPumpGUI) written expressly for that purpose. The device itself is approximately 1 1/8 x 2 3/4 inches, or 27 x 75 millimetres. Currently it's not housed in a case, but it should be and will be once the case design is complete. A preliminary case design is available here.


You may continue to read more about the PasswordPump v2.0 here, however the most up-to-date source of information about the device resides here.


Custom PCB


The custom PCB for this project was manufactured by my sponsor PCBWay. They did a great job working with me to ensure that the PCB was manufactured correctly and to my specifications. Prices are reasonable, turnaround time is excellent, and the customer service is exceptional.

PasswordPump Features


  • Stores up to 250 sets of credentials.

  • Authenticates with a 15 character master password.

  • Search for accounts.

  • Data entry via rotary encoder or keyboard and serial monitor, or via client Python GUI running in Windows, Ubuntu, or MacOS.

  • Sends a username and password to a computer as if typed in via the keyboard. Can also send URL, old password and account name.

  • Add account name, username, password (generated or not), URL, old password

  • Accounts are added in alphabetical order.

  • Delete an account.

  • Edit existing username, password, URL, style (inter-username/password character, <Return> or <Tab>), old password, credential groups.

  • Generate 31 character random passwords from the PasswordPump or via the client GUI.

  • Automatically saves the old password if it’s not already populated when you generate a password.

  • Backup all accounts to a second encrypted external EEprom.

  • Logout / de-authenticate via the menu, automatically locks the computer.

  • Configurable password display on or off.

  • Configurable failed login count factory reset (3, 5, 10 or 25).

  • Configurable automatic logout after count of minutes (30, 60, 90, 120, 240, 1 or Never).

  • Configurable RGB LED intensity (high, medium, low or off).

  • All account names, usernames, passwords and URLs are encrypted w/ AES-256.

  • Master password is hashed w/ SHA-256.

  • All encrypted credentials fields and the hashed master password are salted.

  • The device is not vulnerable to standard password attacks. See disclaimers.

  • The master password can be changed.

  • Export to PasswordPump formatted CSV file.

  • Import from PasswordPump formatted CSV file.

  • Import credentials from Chrome export.

  • Import credentials from KeePass export.

  • Associate credentials with custom groups for better organization; search by group (defaults are Favorites, Work, Personal, Home, School, Financial, Mail or Health).

  • Decoy password feature that automatically factory resets the device if entered (e.g. while the user is under duress).

  • Pre-auto-logout indicator/countdown via red and blue flashing RGB LED.

  • Factory reset via menu (when authenticated) wipes out all credentials.
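To make the login-policy features above concrete (salted SHA-256 master password, decoy password, failed-login factory reset, automatic logout), here is an added Python model of that policy. It is example code written for this page, not the PasswordPump firmware, which is Arduino C++ running on the device; the class and method names, the 16-byte salt, and the choice to clear the failed-login counter after a successful login are assumptions. Credential storage is a plain dictionary standing in for the AES-256 encrypted EEprom.

```python
import hashlib
import hmac
import os

# Option sets exactly as the feature list gives them; None stands for "Never".
FAILED_LOGIN_LIMITS = (3, 5, 10, 25)
TIMEOUT_MINUTES = (30, 60, 90, 120, 240, 1, None)
SALT_BYTES = 16   # assumption: the page says the hash is salted, not how long the salt is


class PasswordPumpAuth:
    """Login and lockout policy of the device, modelled in software (names are assumptions)."""

    def __init__(self, master_password, decoy_password=None,
                 failed_login_limit=10, timeout_minutes=60):
        if failed_login_limit not in FAILED_LOGIN_LIMITS:
            raise ValueError("failed login limit must be one of %r" % (FAILED_LOGIN_LIMITS,))
        if timeout_minutes not in TIMEOUT_MINUTES:
            raise ValueError("timeout must be one of %r" % (TIMEOUT_MINUTES,))
        self.failed_login_limit = failed_login_limit
        self.timeout_minutes = timeout_minutes
        self.factory_resets = 0        # how many times the device has wiped itself
        self.credentials = {}          # account name -> (username, password); stands in for the EEprom
        self.set_master_password(master_password, decoy_password)

    @staticmethod
    def _check_length(pw):
        # the page asks for a master password of 7 to 15 characters
        if not 7 <= len(pw) <= 15:
            raise ValueError("master password must be 7 to 15 characters")

    def _hash(self, pw):
        # salted SHA-256, as the feature list states; the salt is stored next to the hash
        return hashlib.sha256(self.salt + pw.encode("utf-8")).digest()

    def set_master_password(self, master_password, decoy_password=None):
        """Set (or, after a factory reset, re-set) the master and optional decoy password."""
        self._check_length(master_password)
        if decoy_password is not None:
            self._check_length(decoy_password)
        self.salt = os.urandom(SALT_BYTES)
        self.master_hash = self._hash(master_password)
        self.decoy_hash = self._hash(decoy_password) if decoy_password is not None else None
        self.failed = 0
        self.authenticated = False
        self.last_activity = None

    def factory_reset(self):
        """Wipe credentials and the master password: the device is back at first power-on."""
        self.credentials.clear()
        self.master_hash = None
        self.decoy_hash = None
        self.failed = 0
        self.authenticated = False
        self.last_activity = None
        self.factory_resets += 1

    def login(self, candidate, now):
        """Return True on success. `now` is seconds, passed in so the policy is testable."""
        if self.master_hash is None:
            return False                           # wiped device: set a new master password first
        digest = self._hash(candidate)
        if self.decoy_hash is not None and hmac.compare_digest(digest, self.decoy_hash):
            self.factory_reset()                   # duress password: wipe, never authenticate
            return False
        if hmac.compare_digest(digest, self.master_hash):
            self.failed = 0                        # assumption: a good login clears the counter
            self.authenticated = True
            self.last_activity = now
            return True
        self.failed += 1
        if self.failed >= self.failed_login_limit:
            self.factory_reset()                   # configurable failed-login factory reset
        return False

    def is_authenticated(self, now):
        """Apply the automatic logout; call this before touching the credentials."""
        if self.authenticated and self.timeout_minutes is not None:
            if now - self.last_activity >= self.timeout_minutes * 60:
                self.logout()
        return self.authenticated

    def logout(self):
        self.authenticated = False
        self.last_activity = None

    def store(self, account, username, password, now):
        if not self.is_authenticated(now):
            raise PermissionError("not authenticated")
        self.credentials[account] = (username, password)   # the AES-256 layer on the real device
        self.last_activity = now
```

The thing worth seeing in the model is that on a device like this the attempt limit, not the speed of the hash, bounds guessing: a wrong guess costs one of 3, 5, 10 or 25 attempts before the device wipes itself, which is why the decoy and reset checks have to run before any credential is readable. `hmac.compare_digest` is used for both comparisons so the check itself does not leak timing.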

How PasswordPump v2 Differs from PasswordPump v1


There are many important differences between the two versions of the PasswordPump. Version 2.0 is built with the ItsyBitsy M4, a 32 bit SAMD51 Cortex®-M4F MCU, which runs at 120MHz, has 512KB flash, 192KB RAM, and 2MB QSPI flash (unused). It has 17 digital pins and 8 analog pins and runs at 3.3v. This difference in RAM has allowed me to add many features in version 2.0; I was totally out of RAM on the ATMega 32u4 that version 1.0 was built with. New features include the following:


  • A better Python 3 based GUI for editing credentials

  • Storage of URLs (96 characters) and an old password (32 characters) for each set of credentials

  • Seven credential groups that allow you to organize your sets of credentials into custom defined categories, and one additional category for Favorites

  • Generation of 31 character random passwords

  • AES-256 encryption of credentials

  • Locks the computer when you logout of the PasswordPump

  • Configurable failed login count factory reset (3, 5, 10 or 25)

  • Configurable automatic logout after count of minutes (30, 60, 90, 120, 240, 1 or Never)

  • Configurable RGB LED intensity (high, medium, low or off)

  • The master password can be changed.

  • Export to PasswordPump formatted CSV file.

  • Import from PasswordPump formatted CSV file.

  • Import credentials from Chrome export.

  • Import credentials from KeePass export.

  • Search by Group.

  • Pre-auto-logout indicator/countdown via red and blue flashing RGB LED.

  • Several different international keyboards are supported (re-compilation may be necessary)

  • From the python GUI (PasswordPumpGUI) the user can check to see if a password has been discovered in any data breaches.

  • From the python GUI password complexity is checked (but not enforced).
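The last two items above, a breach lookup and a complexity check, can be shown in a few lines of Python. What follows is an added example written for this page, not PasswordPumpGUI's own code, and it assumes the breach check is done the way the Have I Been Pwned "Pwned Passwords" range API works: only the first five hex characters of the password's SHA-1 are sent, the server returns every matching hash suffix, and the comparison happens locally, so the password never leaves the machine. Whether PasswordPumpGUI uses that service is not stated on the page; the 12-character threshold in the complexity check and the range data used for the offline run are also constructed for the example.

```python
import hashlib
import string
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"   # Pwned Passwords range endpoint


def sha1_prefix_suffix(password):
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix that is
    sent and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """Return how many times the password appears in the breach corpus (0 = not found).

    `fetch_range(prefix)` returns the text body for that prefix, one "SUFFIX:COUNT"
    entry per line. It is injected so the lookup runs offline in tests and the
    caller decides whether the network is used at all."""
    prefix, suffix = sha1_prefix_suffix(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range_live(prefix):
    """Real network fetch (not exercised in the offline run). The Add-Padding header
    asks the service to pad the response so its size does not reveal the prefix."""
    req = urllib.request.Request(PWNED_RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def complexity_report(password, min_length=12):
    """Describe the password's make-up the way a GUI might, without enforcing anything.
    The minimum length is an assumption of this example, not a value from the page."""
    present = {
        "lower": any(c in string.ascii_lowercase for c in password),
        "upper": any(c in string.ascii_uppercase for c in password),
        "digit": any(c in string.digits for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    classes = sum(present.values())
    warnings = []
    if len(password) < min_length:
        warnings.append("shorter than %d characters" % min_length)
    if classes < 3:
        warnings.append("uses fewer than 3 character classes")
    return {"length": len(password), "classes": classes, "present": present, "warnings": warnings}


# Constructed offline stand-in for the range API. Only the prefix of "password"
# (SHA-1 5BAA61E4...) returns entries; the counts are made up for the example.
_CONSTRUCTED_RANGE = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
             "0123456789ABCDEF0123456789ABCDEF012:1\n",
}


def fake_range(prefix):
    return _CONSTRUCTED_RANGE.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "kq7!Rv2#mL9@xT4p"):
        print(pw, "seen", breach_count(pw, fake_range), "times;",
              "warnings:", complexity_report(pw)["warnings"])
```

Swap `fake_range` for `fetch_range_live` to query the real service; keeping the fetch function as a parameter is what makes the privacy property checkable, since the only thing it can ever receive is the five-character prefix.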

Video Demonstration



Burning Firmware From the BOSSA GUI

You can download BOSSA from here: https://github.com/seawarrior181/PasswordPump_II or here https://github.com/shumatech/BOSSA/releases and install it on your MS Windows or Apple Mac OS X computer in the usual fashion. Then:

  • Obtain the latest version of the PasswordPump (2.0.6) bin file for M0 here, or for M4 here, and download it to C:\Temp\PasswordPump_v_2_0.ino.bin.

  • Double click on the reset button on the PasswordPump so that the RGB LED slowly dims and brightens in blue before burning the firmware.

  • Start the BOSSA user interface. To burn the firmware, use all of the defaults except specify a flash offset of 0x2000 for the ItsyBitsy M0 or 0x4000 for the ItsyBitsy M4. Be extremely careful with the offset; if you get it wrong you will brick the microcontroller.

  • Specify the file location based on the directory to which you downloaded the .bin file (e.g. C:\Temp\PasswordPump_v_2_0.ino.bin).

  • Select the correct port. Click on the Refresh button in the BOSSA GUI to refresh the list of ports if you don’t see the correct port listed. You might also use the Device Manager to confirm that you have the correct port selected.

  • Confirm the board type: after selecting the correct port you’ll see ATSAMD21x18 next to Device: in the bottom right of the BOSSA GUI if you have plugged in an M0, in which case you will want to specify an offset of 0x2000 (this is most common). If you see ATSAMD51x19 then you have an M4 and will want to specify an offset of 0x4000 (this is rare).

  • Click Write to write the firmware to the device, then click Verify to verify that it was written correctly.

  • Finally click the reset button on the PasswordPump once to start using it.


At this time it’s also important to download the latest version of the PasswordPumpGUI, the Python user interface.


If you live inside the USA and you would like me to flash the latest version of the PasswordPump firmware onto the device, you may ship your PasswordPump to me. Before shipping it, be certain to remove both of the 25LC512 EEprom chips from the unit, because that's where your (encrypted) credentials are stored; I don't need the EEprom chips to flash the device. Also please use a lot of bubble wrap when you ship it, because in the past units have been damaged during shipping. Get in touch with me via email (dan-murphy@comcast.net) and I'll send you my shipping address. If you inadvertently brick your PasswordPump I can also fix it for you. There are instructions in the User's Manual for un-bricking the PasswordPump, but it's complicated and requires special equipment.

Bill of Materials & Variable Costs


Qty  Item                                                        Cost (USD)

1    AdaFruit ItsyBitsy (32-bit ARM®, SAMD51 Cortex®-M4F MCU)*   $14.95 (M0 is $11.95)

2    MICROCHIP 25LC512-I/P 512K SPI™ Bus Serial EEPROM DIP8      3.30

1    SSD1306 I2C LED display, 128x32 pixels                      1.65

1    micro USB to USB cable, 100cm                               1.23

1    Custom PCB                                                  1.00

1    Rotary Encoder                                              0.46

1    Plastic knob for rotary encoder                             0.58

2    IC DIP Sockets, 8 pins each                                 0.10

1    RGB LED, diffused, 5mm                                      0.03

3    220 ohm resistors                                           0.01

2    4.7k ohm resistors                                          0.01

     Shipping envelope                                           0.26

     Solder                                                      ~0.10

----------

Total Parts                                                      $23.58

==========


Shipping to UK from USA $14.50

Shipping to any location inside the USA $10.00

+ Labor for assembly

Assembly time, including kitting and burning firmware, 45 minutes.


*Retail price from Adafruit


Read this Before Purchasing


If, after reading through this blog, you decide that you want a PasswordPump v2.0 of your own, you have three options. You can build your own device from scratch using the PCB design files I've published on GitHub, along with the source code. You can visit Tindie.com and buy a kit from me that includes the custom PCB and solder it up yourself. Finally, you can also purchase a fully assembled PasswordPump from me on Tindie. Before you purchase a PasswordPump (a kit or fully assembled) it’s best to make sure that you can set up and successfully run the PasswordPumpGUI, the Python based user interface that can be used to edit the credentials stored on the PasswordPump device. Go to the Setting Up PasswordPump GUI section of this blog or the User's Manual, follow the instructions, and confirm that you can run the user interface before you spend money on a PasswordPump. Naturally you won’t be able to connect to the PasswordPump device over USB, but you’ll at least know that you can run the user interface. It is possible to exercise all features of the PasswordPump (with the exception of importing and exporting files) without the use of the PasswordPumpGUI, however life is much easier with the GUI working. Entering large numbers of credentials via the rotary encoder or via the serial terminal is tedious and error prone at best.


I have been using the PasswordPump for over a year now. It saves me a lot of time and aggravation and I feel way more secure about how I’m managing my many accounts; especially my financial accounts. I have 140 accounts loaded on mine and almost every account in the device has a random 31 character password that I don’t even know. Some folks say that if you know what all your passwords are, you’re doing it wrong. The only passwords that I do know are the passwords to my Windows active directory account at work (just in case), the master password for the PasswordPump, and the password for the encrypted thumb drive on which I store my PasswordPump backups and other files and documents that are important to me. Oh, and I know my ATM PIN.


I used to use the same password almost everywhere, or some variation of it. This is an extremely common and dangerous practice, because if hackers compromise the credentials for one of your accounts, you can bet that they will try to log in to hundreds of other services using the same credentials. This is called password replay or credential stuffing. Next to phishing this is the most common method by which account security is compromised. I also keep the secondary EEprom device on the PasswordPump backed up, occasionally back up to a third EEprom device, and I religiously back up all of my credentials to a PasswordPump csv file, which I encrypt and, in turn, store on an encrypted flash drive, which I store in a safe. This practice is important, because if the PasswordPump fails you don’t want to lose access to your accounts! I have worked hard to eliminate defects from the device but it’s not perfect yet and it probably never will be. There are always defects in software, and the defects I’m aware of and working on are enumerated here. But it’s likely there are more among the 7,800+ lines of code I’ve written for the project. Finally, I want you to be happy with the PasswordPump; so if you’re not, let me know, see my contact information at the bottom of this blog post.


Warning About the Micro USB Connection

I've learned that the micro USB connector on the ItsyBitsy M4 (and M0) board is somewhat fragile: if you keep plugging the cable into and unplugging it from the micro USB side of the connection, it eventually breaks. This is a bummer, because if it happens you'll need to move your EEprom chips to a new PasswordPump. If you're sourcing and building your own device, you might consider getting enough material for a couple of PasswordPumps. To help with this issue, leave the USB cable plugged in to the PasswordPump at all times and instead plug / unplug the other end at the computer, so that you don't wear out and break the micro USB connector. Even with this strategy it's possible to torque the connector and hose your PasswordPump, so be careful! I now recommend against the use of magnetic USB cables; I have observed some weird behavior on Windows, Ubuntu and Raspbian when using them, specifically the “Unable to recognize USB device” error.

Existing Projects/Products


Is there something on the market already that you can buy that accomplishes the same objective as the PasswordPump? I think the commercial product that most closely matches the feature set of the PasswordPump is the Mooltipass Mini Offline Password Keeper; $79.00 before shipping costs at the time of this writing. Mooltipass is different in some significant ways and seems like a nice, mature, open source product that is built on the ATMega32u4. It was not the inspiration for this project, however. The inspiration for this project was the Automated Password Typer, a project on Hackster.io. Credentials are hard coded into the Automated Password Typer, however, and there's no way to add new, remove old, or edit existing credentials (aside from modifying the source code, recompiling and re-flashing). I set out one weekend to expand on the idea presented in that project, and, 8,000 lines of code later, landed here with the PasswordPump v2.0.

Menu Navigation on the PasswordPump


You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To go back up a level you hold the rotary encoder down for more than half a second (long click). The full menu tree, indented to show which items sit under which, is:


Master Password (only accessed during login)
Find Favorite
  [same as under Find All Accounts]
Find All Accounts
  [scroll through accounts list]
    Send Password <RET>
    Send User & Pass
    Send URL
    Send User Name
    Send Pass (no <RET>)
    Send Account
    Edit Credentials
      Edit Account Name
      Edit User Name
      Edit Password
      Edit URL
      Indicate Style
      Assign Groups
        Favorites
        Work
        Personal
        Home
        School
        Financial
        Mail
        Health
      GeneratePassword
      Save to Old Password
    Delete Credentials [confirm]
    Send Old Password
Find By Group
  Favorites
    [same as under Find All Accounts]
  Work
    [same as under Find All Accounts]
  Personal
    [same as under Find All Accounts]
  Home
    [same as under Find All Accounts]
  School
    [same as under Find All Accounts]
  Financial
    [same as under Find All Accounts]
  Mail
    [same as under Find All Accounts]
  Health
    [same as under Find All Accounts]
Add Account
  Account Name
  Edit User Name
  Edit Password
  Indicate Style
  GeneratePasswrd
Logout & Lock
Backup/Restore
  Backup EEprom [confirm]
  Restore EEprm Backup [confirm]
Settings
  Show Password ON/OFF
  Decoy Password ON/OFF
  RGB LED Intensity
    High
    Medium
    Low
    Off
  Timeout Minutes
    30
    60
    90
    120
    240
    Never
    1
  Login Attempts
    3
    5
    10
    25
  Rename Groups
    Edit Group 1
    Edit Group 2
    Edit Group 3
    Edit Group 4
    Edit Group 5
    Edit Group 6
    Edit Group 7
  Change Master Psswrd
  Keyboard Language
    Czech
    Danish
    Finnish
    French
    German
    Norwegian
    Spanish
    Swedish
    United Kingdom
    United States
  Encoder Type
    Normal
    Lefty
  Font
    Arial14
    Arial_bold_14
    Callibri10
    TImesNewRoman13
    Adafruit5x7
    font5x7
    lcd5x7
    Stang5x7
    System5x7
  Orientation
    Lefty
    Righty
  Keyboard ON/OFF
  Gened Password Size
    8
    10
    16
    24
    31
  Fix Corruption
  Factory Reset [confirm]

Operation of the PasswordPump via Rotary Encoder


To turn the device on you simply plug it into a USB port/receptacle using a USB Micro-B plug to USB-A plug cable, the same cable that you'd use to charge an Android phone. The first time you plug it in a driver might need to be installed. The driver is available for download in the source code repository here: https://github.com/seawarrior181/PasswordPump_II. If the device was shipped to you, assembled or as a kit, it arrives already flashed with the PasswordPump program.

The first time you power the device on you'll see something like:


PasswordPump v2.0.4

July 24 2020

(c)2020 Dan Murphy


At this point you'll want to enter your master password. Try to select a password that can be entered into the device reasonably quickly. I like to pick a password that can be typed almost entirely with my left hand; I find they are easier to input via the rotary encoder. It should still be a strong password: a combination of upper and lower case letters, numbers, and special characters, between 7 and 15 characters long. To enter a character, turn the rotary encoder until the character appears and then press the rotary encoder button (short click) to select it. There's presently no way to back up if you make a mistake, so be careful. Once the entire master password has been entered, long click the device (hold the rotary encoder down for more than half a second). You've just entered the master password and now you're ready to enter a set of credentials. Don’t forget your master password; it’s the only way to recover your encrypted credentials short of cracking SHA-256 or AES-256.

You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To go back up a level you hold the rotary encoder down for more than half a second (long click).


Note: The following instructions describe the easiest way to enter credentials if you don’t have access to the PasswordPumpGUI or if it’s not working correctly. The easiest way to enter credentials is via the PasswordPumpGUI, and it’s fairly self-explanatory, so use that method if possible.

Adding Credentials via Keyboard

You can add credentials via the PasswordPump by entering them directly with the rotary encoder or by using a keyboard in combination with a serial terminal. To add a set of credentials via the keyboard you need to open a serial terminal. The one that works best for me is the Arduino serial terminal. So if you open the Arduino IDE go to Tools->Ports and select the Adafruit ItsyBitsy M4 (SAMD51) port. Then select Tools->Serial Monitor (or Ctrl+Shift+M). Next, on your PasswordPump navigate down to Keyboard OFF and change it to Keyboard ON with a short click. Navigate back up to Add Account and short click. You'll see:

Edit Credentials

Edit Account Name

Short click, and you will see

Account Name

Edit Account

Switch back to the Arduino Serial Terminal and enter the account name, followed by the return key. Then long click on the Password Pump. You should now see:

Edit User Name

[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the username, followed by the return key. Then long click on the Password Pump. You should now see:

Edit Password

[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the password, followed by the return key. Then long click on the Password Pump. You should now see:

Indicate Style

[the account name you entered]

Short click again and use the rotary encoder or the keyboard and serial terminal to specify either 0 or 1. Specify 0 if, while supplying username and password, the Password Pump should send a carriage return after sending the username and before sending the password. Specify 1 if, while supplying username and password, the Password Pump should send a tab after sending the username and before sending the password. Then long click on the PasswordPump. You should now see:

Account Name

[the account name you entered]

Long click again and you'll see:

Find Account

[the account name you entered]

You've finished entering the credentials.

Note that you can also enter credentials using just the rotary encoder; in that case it doesn't matter whether Keyboard is ON or OFF. Simply enter the credentials using the rotary encoder in a fashion similar to how you entered the master password.

Sending Credentials

Navigate to Find All Accounts and short click. Use the rotary encoder to scroll through the list of credentials you've entered. When you've found the account name associated with the credentials you want to send to your computer, place the input focus in the username text box in the window prompting you for credentials on your computer. On the Password Pump you should see:

Send Password <RET>

[the account name you selected]


Scroll down one menu item with the rotary encoder and you’ll see:


Send User & Password

[the account name you selected]

Short click to send the user name, a carriage return or a tab character (depending on the style setting), and then the password. If you selected the correct style you should now be logged in to your account / application.

If you only want to send the password to the computer, followed by a carriage return, scroll back up once using the rotary encoder until you see:

Send Password <RET>

[the account name you entered]

And short click to send the password and the carriage return character.

Similarly you can send just the user name, just the account name, or just the URL.

Editing Credentials

To edit a set of existing credentials first decide if you're going to edit the credentials via the keyboard or just the rotary encoder. If you're going to edit the credentials via the keyboard follow the instructions in Toggling Keyboard Entry. Then use Find All Accounts to navigate to the account you want to edit and short click. Then scroll down to Edit Credentials and short click. Then scroll to the attribute you want to edit; Edit Account Name, Edit User Name, Edit Password, Edit URL, or Indicate Style. Now short click. Use the keyboard to re-enter the attribute in the fashion described in Adding Credentials, or just use the rotary encoder to re-enter the attribute. Then long click to save the change. If you are generating a new password for the account then follow the instructions in Generating a Password.

Deleting Credentials

Make sure you have a current EEprom backed up. Navigate to Find All Accounts and short click. Use the rotary encoder to select the account that you want to delete, and short click. Using the rota