top of page
Search

PasswordPump v2.0!

Updated: Dec 15, 2020





As promised, this is v2.0 of the PasswordPump, a USB device that manages credentials for up to 250 accounts. Credentials (account names, usernames, passwords, an old password, and categories) are stored ONLY on the device itself, on two removable EEprom chips using military grade encryption (AES-256). They are not stored in the cloud or in a file on your computer where they are more exposed to hackers. Credentials are backed up on the device itself; i.e. encrypted credentials are moved from the primary EEprom chip to the backup EEprom on demand. You may remove the EEprom chips from the device (perhaps to keep a third or fourth backup). Credentials are entered either via the rotary encoder (on the left) or via keyboard, via a serial terminal, or, ideally, via a Python based program (PasswordPumpGUI) expressly written for that purpose. The device itself is approximately 1 1/8 x 2 3/4 inches, or 27 x 75 millimetres. Currently it's not housed inside of a case, but it should be and will be once design of the case is complete. A preliminary case design is available here.


You may continue to read more about the PasswordPump v2.0 here, however the most up-to-date source of information about the device resides here.


 

Custom PCB


The custom PCB for this project was manufactured by my sponsor PCBWay. They did a great job working with me to insure that the PCB was manufactured correctly and to my specifications. Prices are reasonable, turnaround time is excellent, and the customer service is exceptional.

 

PasswordPump Features


  • Stores up to 250 sets of credentials.

  • Authenticates with a 15 character master password.

  • Search for accounts.

  • Data entry via rotary encoder or keyboard and serial monitor, or via client Python GUI running in Windows, Ubuntu, or MacOS.

  • Sends a username and password to a computer as if typed in via the keyboard. Can also send URL, old password and account name.

  • Add account name, username, password (generated or not), URL, old password

  • Accounts are added in alphabetical order.

  • Delete an account.

  • Edit existing username, password, URL, style (inter-username/password character, <Return> or <Tab>), old password, credential groups.

  • Generate 31 character random passwords from the PasswordPump or via the client GUI.

  • Automatically saves the old password if it’s not already populated when you generate a password.

  • Backup all accounts to a second encrypted external EEprom.

  • Logout / de-authenticate via the menu, automatically locks the computer.

  • Configurable password display on or off.

  • Configurable failed login count factory reset (3, 5, 10 or 25).

  • Configurable automatic logout after count of minutes (30, 60, 90, 120, 240, 1 or Never).

  • Configurable RGB LED intensity (high, medium, low or off).

  • All account names, usernames, passwords and URLs are encrypted w/ AES-256.

  • Master password is hashed w/ SHA-256.

  • All encrypted credentials fields and the hashed master password are salted.

  • The device is not vulnerable to standard password attacks. See disclaimers.

  • The master password can be changed.

  • Export to PasswordPump formatted CSV file.

  • Import from PasswordPump formatted CSV file.

  • Import credentials from Chrome export.

  • Import credentials from KeePass export.

  • Associate credentials with custom groups for better organization; search by group (defaults are Favorites, Work, Personal, Home, School, Financial, Mail or Health).

  • Decoy password feature that automatically factory resets the device if entered (e.g. while the user is under duress).

  • Pre-auto-logout indicator/countdown via red and blue flashing RGB LED.

  • Factory reset via menu (when authenticated) wipes out all credentials.

 

How PasswordPump v2 Differs from PasswordPump v1


There are many important difference between the two versions of the PasswordPump. Version 2.0 is built with the ItsyBitsy M4, a 32 bit SAMD51 Cortex®-M4F MCU, which runs at 120MHz, has 512KB flash, 192KB RAM, and 2MB QSP flash (unused). It has 17 digital pins and 8 analog pins and runs at 3.3v. This difference in RAM has allowed me to add many features with version 2.0. I was totally out of RAM on the ATMega 32u4 that version 1.o was built with. New features include the following:


  • A better Python 3 based GUI for editing credentials

  • Storage of URLs (96 characters) and an old password (32 characters) for each set of credentials

  • Seven credential groups that allow you to organize your sets of credentials into custom defined categories, and one additional category for Favorites

  • Generation of 31 character random passwords

  • AES-256 encryption of credentials

  • Locks the computer when you logout of the PasswordPump

  • Configurable failed login count factory reset (3, 5, 10 or 25)

  • Configurable automatic logout after count of minutes (30, 60, 90, 120, 240, 1 or Never)

  • Configurable RGB LED intensity (high, medium, low or off)

  • The master password can be changed.

  • Export to PasswordPump formatted CSV file.

  • Import from PasswordPump formatted CSV file.

  • Import credentials from Chrome export.

  • Import credentials from KeePass export.

  • Search by Group.

  • Pre-auto-logout indicator/countdown via red and blue flashing RGB LED.

  • Several different international keyboards are supported (re-compilation may be necessary)

  • From the python GUI (PasswordPumpGUI) the user can check to see if a password has been discovered in any data breaches.

  • From the python GUI password complexity is checked (but not enforced).

 

Video Demonstration



 

Burning Firmware From the BOSSA GUI

You can download BOSSA from here: https://github.com/seawarrior181/PasswordPump_II or here https://github.com/shumatech/BOSSA/releases and install it on your MS Windows or Apple Mac OS X computer in the usual fashion. Obtain the latest version of the PasswordPump (2.0.6) bin file for M0 here, or for M4 here, and download it to C:\Temp\PasswordPump_v_2_0.ino.bin. Double click on the reset button on the PasswordPump so that the RGB LED slowly dims and brightens in blue before burning the firmware. After starting up the BOSSA user interface, to burn the firmware, use all of the defaults except specify a flash offset of 0x2000 for the ItsyBitsy M0 or 0x4000 for the ItsyBitsy M4. Be extremely careful with the offset, if you get it wrong you will brick the microcontroller. Specify the file location based on the directory to which you downloaded the .bin file (e.g. C:\Temp\PasswordPump_v_2_0.ino.bin). Select the correct port. Click on the Refresh button in the BOSSA GUI to refresh the list of ports if you don’t see the correct port listed. You might also use the Device Manager to confirm that you have the correct port selected. After selecting the correct port you’ll see ATSAMD21x18 next to Device: in the bottom right of the BOSSA GUI if you have plugged in an M0, in which case you will want to specify an offset of 0x2000 (this is most common). If you see ATSAMD51x19 then you have an M4 and will want to specify an offset of 0x4000 (this is rare). Click Write to write the firmware to the device, then click Verify to verify that it was written correctly. Finally click the reset button on the PasswordPump once to start using it.


At this time it’s also important to download the latest version of the PasswordPumpGUI, the Python user interface.


If you live inside the USA and you would like me to flash the latest version of the PasswordPump onto the device, you may ship your PasswordPump to me. Before shipping it be certain to remove both of the 25LC512 EEprom chips from the unit because that's where your (encrypted) credentials are stored. I don't need the EEprom chips to flash the device. Also please use a lot of bubble wrap when you ship it because in the past they have been damaged during shipping. Get in touch with me via email and I'll send you my shipping address. If you inadvertently brick your PasswordPump I can also fix it for you. There are instructions in the User's Manual for un-bricking the PasswordPump, but it's complicated and requires special equipment. dan-murphy@comcast.net.

 

Bill of Materials & Variable Costs


1 AdaFruit ItsyBitsy (32-bit ARM®, SAMD51 Cortex®-M4F MCU)* $14.95 (M0 is $11.95)

2 MICROCHIP - 25LC512-I/P - 512K SPI™ Bus Serial EEPROM DIP8 3.30

1 SSD1306 I2C LED display 128x32 pixels. 1.65

1 micro USB to USB cable 100cm 1.23

1 Custom PCB 1.00

1 Rotary Encoder 0.46

1 plastic knob for rotary encoder 0.58

2 IC DIP Sockets, 8 pins each 0.10

1 RGB LED diffused 5mm 0.03

3 220ohm resistors 0.01

2 4.7kohm resistors 0.01

Shipping Envelope 0.26

Solder ~0.10

----------

Total Parts $23.58

==========


Shipping to UK from USA $14.50

Shipping to any location inside the USA $10.00

+ Labor for assembly

Assembly time, including kitting and burning firmware, 45 minutes.


*Retail price from Adafruit


 

Read this Before Purchasing


If, after reading through this blog you decide that you want a PasswordPump v2.0 of your own, you have three options. You can build your own device from scratch using the PCB design files I've published up on GitHub, along with the source code. You can visit Tindie.com and buy a kit from me that includes the custom PCB and solder it up yourself. Finally, you can also purchase a fully assembled PasswordPump from me on Tindie. Before you purchase a PasswordPump (a kit or fully assembled) it’s best to make sure that you can set up and successfully run the PasswordPumpGUI, that’s the Python based user interface that can be used to edit the credentials stored on the PasswordPump device. Go to the Setting Up PasswordPump GUI section of this blog or the Users' Manual, follow the instructions, and confirm that you can run the user interface before you spend money on a PasswordPump. Naturally you won’t be able to connect to the PasswordPump device over USB, but you’ll at least know that you can run the user interface. It is possible to exercise all features of the PasswordPump (with the exception of importing and exporting files) without the use of the PasswordPumpGUI, however life is much easier with the GUI working. Entering large numbers of credentials via the rotary encoder of via the serial terminal is tedious and error prone at best.


I have been using the PasswordPump for over a year now. It saves me a lot of time and aggravation and I feel way more secure about how I’m managing my many accounts; especially my financial accounts. I have 140 accounts loaded on mine and almost every account in the device has a random 31 character password that I don’t even know. Some folks say that if you know what all your passwords are, you’re doing it wrong. The only passwords that I do know are the passwords to my Windows active directory account at work (just in case), the master password for the PasswordPump, and the password for the encrypted thumb drive on which I store my PasswordPump backups and other files and documents that are important to me. Oh, and I know my ATM PIN.


I used to use the same password almost everywhere, or some variation of it. This is an extremely common and dangerous practice, because if hackers compromise the credentials for one of your accounts, you can bet that they will try to login to hundreds of other services using the same credentials. This is called password replay or credential stuffing. Next to phishing this is the most common method by which account security is compromised. I also keep the secondary EEprom device on the PasswordPump backed up, occasionally backup to a third EEprom device, and I religiously backup all of my credentials to a PasswordPump csv file, which I encrypt, and, in turn, store on an encrypted flash drive which, in turn, I store in a safe. This practice is important, because if the PasswordPump fails you don’t want to lose access to your accounts! I have worked hard to eliminate defects from the device but it’s not perfect yet and it probably never will be. There are always defects in software, and the defects I’m aware of and working on are enumerated here. But it’s likely there are more among the 7,800+ lines of code I’ve written for the project. Finally, I want you to be happy with the PasswordPump; so if you’re not, let me know, see my contact information at the bottom of this blog post.


Warning About the Micro USB Connection

I've learned that the micro USB connection on the ItsyBitsy M4 board is somewhat fragile. I've learned that if I keep plugging and unplugging the cable on the micro USB side of the connection into / from the ItsyBitsy M4 or M0 board, it eventually breaks. This is a bummer because if it happens you'll need to move your EEprom chips to a new PasswordPump. If you're sourcing and building your own device, you might consider getting enough material for a couple of PasswordPumps. To help with this issue you should leave the USB cable plugged in to the PasswordPump at all times, and instead plug / unplug the other end with the computer, and leave the cable mated to the PasswordPump so that you don't wear out and break the micro USB connector. Even with this strategy it's possible to torque the connector and hose your PasswordPump, so be careful! I am now recommending against the use of the magnetic USB cables, I have observed some weird behavior on Windows, Ubuntu and Raspbien when using them, specifically, the “Unable to recognize USB device” error.

 

Existing Projects/Products


Is there something on the market already that you can buy that accomplishes the same objective as the PasswordPump? I think the commercial product that most closely matches with the feature set of the PasswordPump is the Mooltipass Mini Offline Password Keeper; $79.00 before shipping costs at the time of this writing. Mooltipass is different in some significant ways and seems like a nice, mature, open source product that is built on the ATMega32u4. It was not the inspiration for this project, however. The inspiration for this project was the Automated Password Typer, a project on Hackster.io. Credentials are hard coded into the Automated Password Typer, however, and there's no way to add new, remove old, or edit existing credentials (aside from modifying the source code, recompiling and re-flashing). I set out one weekend to expand on the idea presented in that project, and, 8,000 lines of code later, landed here with the PasswordPump v2.0.

 

Menu Navigation on the PasswordPump


You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a half second (long click).


Master Password (only accessed during login)

Find Favorite

[same as under Find All Accounts]

Find All Accounts

[scroll through accounts list]

Send Password <RET>

Send User & Pass

Send URL

Send User Name

Send Pass (no <RET>)

Send Account

Edit Credentials

Edit Account Name

Edit User Name

Edit Password

Edit URL

Indicate Style

Assign Groups

Favorites

Work

Personal

Home

School

Financial

Mail

Health

GeneratePassword

Save to Old Password

Delete Credentials [confirm]

Send Old Password

Find By Group

Favorites

[same as under Find All Accounts]

Work

[same as under Find All Accounts]

Personal

[same as under Find All Accounts]

Home

[same as under Find All Accounts]

School

[same as under Find All Accounts]

Financial

[same as under Find All Accounts]

Mail

[same as under Find All Accounts]

Health

[same as under Find All Accounts]

Add Account

Account Name

Edit User Name

Edit Password

Indicate Style

GeneratePasswrd

Logout & Lock

Backup/Restore

Backup EEprom [confirm]

Restore EEprm Backup [confirm]

Settings

Show Password ON/OFF

Decoy Password ON/OFF

RGB LED Intensity

High

Medium

Low

Off

Timeout Minutes

30

60

90

120

240

Never

1

Login Attempts

3

5

10

25

Rename Groups

Edit Group 1

Edit Group 2

Edit Group 3

Edit Group 4

Edit Group 5

Edit Group 6

Edit Group 7

Change Master Psswrd

Keyboard Language

Czech

Danish

Finnish

French

German

Norwegian

Spanish

Swedish

United Kingdom

United States

Encoder Type

Normal

Lefty

Font

Arial14

Arial_bold_14

Callibri10

TImesNewRoman13

Adafruit5x7

font5x7

lcd5x7

Stang5x7

System5x7

Orientation

Lefty

Righty

Keyboard ON/OFF

Gened Password Size

8

10

16

24

31

Fix Corruption

Factory Reset [confirm]

 

Operation of the PasswordPump via Rotary Encoder


To turn the device on you simply plug it into a USB port/receptacle using a USB Micro-B plug to USB-A plug cable, the same cable that you'd use to charge an Android phone. The first time you plug it in a driver might need to be installed. The driver is available for download in the source code repository here: https://github.com/seawarrior181/PasswordPump_II. If the device was shipped to you, assembled or as a kit, it arrives already flashed with the PasswordPump program.

The first time you power the device on you'll see something like:


PasswordPump v2.0.4

July 24 2020

(c)2020 Dan Murphy


At this point you'll want to enter your master password. Try to select a password that can be more quickly entered into the device. It should be a combination of upper and lower case, with numbers and maybe a symbol or two. I like to pick a password that can be typed almost entirely with my left hand, I find they are easier to input via the rotary encoder. You should select a strong password; a combination of letters, upper and lower case, numbers, and special characters, between 7 and 15 characters long. To enter a character turn the rotary encoder until the character appears and then press the rotary encoder button (short click) to select the character. There's presently no way to back up if you make a mistake so be careful. Once the entire master password has been entered long click the device (click down the rotary encoder for more than 1/2 of a second). You've just entered the master password and now you're ready to enter a set of credentials. Don’t forget your master password, it’s the only way to recover your encrypted credentials short of cracking SHA-256 or AES-256.

You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a 1/2 of a second (long click).


Note: The following instructions describe the easiest way to enter credentials if you don’t have access to the PasswordPumpGUI or if it’s not working correctly. The easiest way to enter credentials is via the PasswordPumpGUI, and it’s fairly self-explanatory, so use that method if possible.

Adding Credentials via Keyboard

You can add credentials via the PasswordPump by entering them directly with the rotary encoder or by using a keyboard in combination with a serial terminal. To add a set of credentials via the keyboard you need to open a serial terminal. The one that works best for me is the Arduino serial terminal. So if you open the Arduino IDE go to Tools->Ports and select the Adafruit ItsyBitsy M4 (SAMD51) port. Then select Tools->Serial Monitor (or Ctrl+Shift+M). Next, on your PasswordPump navigate down to Keyboard OFF and change it to Keyboard ON with a short click. Navigate back up to Add Account and short click. You'll see:

Edit Credentials

Edit Account Name

Short click, and you will see

Account Name

Edit Account

Switch back to the Arduino Serial Terminal and enter the account name, followed by the return key. Then long click on the Password Pump. You should now see:

Edit User Name

[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the username, followed by the return key. Then long click on the Password Pump. You should now see:

Edit Password

[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the password, followed by the return key. Then long click on the Password Pump. You should now see:

Indicate Style

[the account name you entered]

Short click again and use the rotary encoder or the keyboard and serial terminal to specify either 0 or 1. Specify 0 if, while supplying username and password, the Password Pump should send a carriage return after sending the username and before sending the password. Specify 1 if, while supplying username and password, the Password Pump should send a tab after sending the username and before sending the password. Then long click on the PasswordPump. You should now see:

Account Name

[the account name you entered]

Long click again and you'll see:

Find Account

[the account name you entered]

You've finished entering the credentials.

Note that you can also enter credentials using just the rotary encoder. Keyboard can be ON or OFF, it doesn't matter. Simply enter the credentials using the rotary encoder in a fashion similar to how you entered the master password.

Sending Credentials

Navigate to Find All Accounts and short click. Use the rotary encoder to scroll through the list of credentials you've entered. When you've found the account name associated with the credentials you want to send to your computer, place the input focus in the username text box in the window prompting you for credentials on your computer. On the Password Pump you should see:

Send Password <RET>

[the account name you selected]


Scroll down one menu item with the rotary encoder and you’ll see:


Send User & Password

[the account name you selected]

Short click to send the user name, a carriage return or a tab character (depending on the style setting), and then the password. If you selected the correct style you should now be logged in to your account / application.

If you only want to send the password to the computer, followed by a carriage return, scroll back up once using the rotary encoder until you see:

Send Password <RET>

[the account name you entered]

And short click to send the password and the carriage return character.

Similarly you can send just the user name or just the account name or url.

Editing Credentials

To edit a set of existing credentials first decide if you're going to edit the credentials via the keyboard or just the rotary encoder. If you're going to edit the credentials via the keyboard follow the instructions in Toggling Keyboard Entry. Then use Find All Accounts to navigate to the account you want to edit and short click. Then scroll down to Edit Credentials and short click. Then scroll to the attribute you want to edit; Edit Account Name, Edit User Name, Edit Password, Edit URL, or Indicate Style. Now short click. Use the keyboard to re-enter the attribute in the fashion described in Adding Credentials, or just use the rotary encoder to re-enter the attribute. Then long click to save the change. If you are generating a new password for the account then follow the instructions in Generating a Password.

Deleting Credentials

Make sure you have a current EEprom backed up. Navigate to Find All Accounts and short click. Use the rotary encoder to select the account that you want to delete, and short click. Using the rotary encoder scroll down to Delete Credentials and short click. Confirm your desire to delete the account by selecting Y with the rotary encoder and short clicking. The account is gone now and it's wiped from the primary EEprom chip. It isn't wiped from the backup EEprom yet, so if you accidentally delete an account, and you have a recent backup, you can restore the backup and the account will reappear. Navigate to Find All Accounts and verify that your account is deleted. If you're not able to scroll through all of your accounts, an intermittently occurring defect has occurred and the linked list that manages the display of all of the accounts is corrupted. Restore the latest backup from EEprom. If you backup the EEprom immediately after deleting the account it is also wiped from the secondary EEprom.

Generating a Password

Read through all of these instructions before attempting to change your password to a new generated password. The most powerful feature of the PasswordPump is its ability to generate random 31 character passwords and remember them. These passwords are extremely difficult to guess and are not as vulnerable to brute force attempts to break into an account. Before performing this operation you should be sure that you have a current backup of all your credentials. When you generate the new password, the existing/old password will be moved to the Old Password attribute if it is empty. If Old Password is not empty it will not be overwritten. So you will probably want to blank out Old Password before generating the new password. To generate a password for an account simply find the account via Find All Accounts and select the credentials by short clicking on the account name. In your application on your computer navigate to the change password feature and place input focus in the Old Password text box. On the PasswordPump navigate to Send Password (NOT Send Password <RET>) and short click. In your application on your computer, place input focus in the new password text box (typically by hitting the <TAB> key). In the PasswordPump scroll down to Edit Credentials and short click, then scroll down to Generate Password and short click. This changes the password to a randomly generated series of 31 characters. Now long click once, navigate to Send Password (NOT Send Password <RET>) and short click. If you need to confirm the new password then place input focus on that text box in the application on your computer and short click again. Confirm your password change by hitting the return key or otherwise clicking on the appropriate button. You now have a random 31 character password on the account, and the only place where that password exists is on the encrypted EEprom chip on your PasswordPump. At this point it's a good idea to Backup to EEprom and Backup to a File, and to be sure that you can somehow recover from a lost password on that account. Warning: If the attempt to change your password fails because the existing/old password is not accepted be aware that you have just overwritten the old password with your new generated password. To access the old password you'll need to either use the Old Password attribute (assuming it was blank before you generated the new password), Restore a Backup from EEprom and try again, or go to the encrypted backup file on your thumb drive to get the current password for the account, or recover the password from the account using whatever mechanism is available to you via the application or web site. Think ahead and be careful so that you don't lock yourself out of your account!

Logging Out and Locking Your Computer

When you want to log out of the device navigate to Logout & Lock using the rotary encoder and short click. The RGB led changes from green to blue. You're now logged out of the PasswordPump and must enter the master password again in order to use the device. In addition to locking the PasswordPump, this also locks your computer so that you’ll need to re-authenticate to gain access to your computer. If you want to log out of the PasswordPump without locking the computer simply press the reset button on the bottom of the PasswordPump.

Toggling Keyboard Entry

Navigate to Settings, single click, and navigate to Keyboard. Short click to toggle the setting. When the keyboard is on you may enter credentials via the keyboard and serial terminal using the process described in Adding Credentials. Keep the keyboard set to OFF when you're not entering credentials via a serial terminal and the keyboard. This setting is saved when the PasswordPump is powered off.

Showing/Hiding Passwords

Using the rotary encoder navigate to Settings, single click, then navigate to Show Password. Short click to toggle the setting. This setting is saved when you log out and power down the device. This setting determines if passwords are shown or hidden on the PasswordPump. The setting for the PasswordPumpGUI is independent.


Decoy Password

Using the rotary encoder navigate to Settings, single click, then navigate to Decoy Password. This setting controls behaviour whereby the PasswordPump is factory reset when you enter your password followed by the uppercase characters FR when logging into the PasswordPump. This is useful if someone is forcing you to authenticate to the PasswordPump and you want to immediately Factory Reset the device. Remember that if you enter the decoy password you will lose all of the credentials stored on the primary and secondary EEprom chips installed on the PasswordPump.


RGB LED Intensity

You can control the intensity of the RGB LED by navigating to Settings and selecting RGB LED Intensity. Select High, Medium, Low, or Off using the rotary encoder. Long click to save your setting.


Automatic PasswordPump Logout

To control the duration of PasswordPump inactivity time after which you will be automatically logged out of the PasswordPump, navigate to Settings, then to Timeout minutes, and set your inactivity time to 30, 60, 90, 120, 240, 1 or Never. Note that the inactivity timer on the PasswordPump does not lock your computer screen (although a sound security practice is to set a timeout on your computer for your computer, as well).

Login Attempts

To set the number of failed login attempts allowed before a factory reset of the PasswordPump is performed, navigate to Settings and Login Attempts. You can select 3, 5, 10, or 25 failed login attempts.


Backing Up to EEprom

On the Password Pump navigate to Backup/Restore, then to Backup EEprom using the rotary encoder. Short click, then confirm that you want to copy credentials and settings from the primary EEprom to the secondary EEprom by selecting Y with the rotary encoder and short clicking. The RGB will be yellow while the backup is taking place, and then change back to green. It should only take about two seconds to complete this operation.

Restore a Backup from EEprom

If you decide that you want to restore the EEprom backup (or, in other words, have the contents of the secondary, backup EEprom overwrite the contents of the primary EEprom), then navigate to Backup/Restore, then to Restore Backup, on the PasswordPump. Short click and confirm the operation by selecting Y with the rotary encoder and short clicking. The RGB led will turn yellow until the operation is complete, then it changes back to green. The master password remains the same. This operation completes in about two seconds.


Rename Groups

Using the Rename Groups option it’s possible to customize the names of the groups. By default those names are Favorites, Work, Personal, Home, School, Financial, Mail, and Health. You can change any and all of these names to suit your needs. The group names cannot exceed 10 characters.


Change Master Password

If you want to change your master password note that you can achieve this via the PasswordPumpGUI or via the rotary encoder on the PasswordPump. If you want to change the master password via the rotary encoder, navigate to Settings and Change Master Psswrd. Single click, and then carefully enter the master password via the rotary encoder. When you’re done, long click and wait for the process to finish. The RGB LED will be yellow while the credentials are being backed up to the secondary EEprom (for about two seconds), and then quickly flash yellow while it’s re-encrypting all of your credentials and copying them back to the primary EEprom (for about 5 seconds). Check all of your credentials after changing the master password. If you are not happy with the results you can restore the backup from EEprom (see above) and reinstate the former master password. If you are happy with the results, back up to EEprom. If for whatever reason you cannot remember your new master password just after changing it, swap the positions of the EEprom chips on the PasswordPump device and login with the old master password.

Performing a Factory Reset

You want to wipe out all of the encrypted credentials on the primary and backup EEprom and factory reset the device. On the PasswordPump navigate all the way down to Reset using the rotary encoder. Short click. Confirm that you want to factory reset the device and clear all of the credentials and the master password from both EEprom chips by selecting Y with the rotary encoder and short clicking. The RGB will flash blue and red slow and then fast while the device is factory resetting, then change to blue. At this point you can enter a new master password. Note that a Factory Reset also wipes out the credentials stored on the backup EEprom.


Groups

Groups allow you to assign groups to credentials so that you can find them faster when you’re trying to send them. The default groups are Favorites, Work, Personal, Home, School, Financial, Mail and Health. These group names, except for Favorites, are configurable. You’ll notice that the default credential search on the main menu is Find Favorites. After that you encounter Find All Accounts, and then Find By Group.


“Lefty” Rotary Encoders

You might notice (especially if you’ve sourced the parts yourself), that after you’ve built your PasswordPump and burned the firmware, that the rotary encoder isn’t behaving as expected, that is, when you rotate it clockwise it proceeds backwards through the alphabet and through the numbers instead of forwards through the alphabet. The PasswordPump functions perfectly fine like this but you may wish to straighten it out. To fix this you merely need to navigate to Settings->Encoder Type and change it from ‘Normal’ to ‘Lefty’; and don’t worry, the setting is remembered if you power cycle the device. If you factory reset the device you’ll need to change the Encoder Type to Lefty again.


 

Setting Up PasswordPumpGUI

This is what the PasswordPumpGUI looks like: