This tool could be the most secure password manager

[TheXHalferX]

It is offline, it can "autofill" fields for user. If it is possible (considering "This file is too large" issue with text files in Flipper) to add login/password pairs into totp.conf (even manually) this app really could be the most secure password manager. Happy New Year and many thanks for this already great tool!

[akopachov]

Hey, thank you for the idea.

I thought about the same for a while, and I would not say that it is something too complicated to do. But what really stops me from implementing it is that that case two factors (password and TOTP) will be stored in the same place using similar encryption methods.

To my mind this significantly increases security risks as the only thing that would need to be stolen is just Flipper device. That's it, after that all the factors become in "thief" hands. As a developer I would feel bad knowing that I'm putting users into this obvious risk.

Instead, as a password manager I really suggest to use KeePass or its port KeePassXC. It is free, open-source, major, well-known and OSI certified product. And what I love about it is that it allows you as a user to pick where would you like your database to be stored, and if you would like to keep that database offline - there is no problem.

[TheXHalferX]

I absolutely agree with you. But can all three strings (secret, login, password) be encrypted with different methods? And for added security, totp.conf file, for example, could be wiped or completely deleted from device after 3-5 false access attempts in a row. I'm sorry if I talk nonsense here.

[akopachov]

Well, think about the problem this way - imagine somebody stole your flipper device.

Now, that somebody have an access to everything what is on your SD card and Flipper itself (as they both do not have any encryption). So he can easily take a backup of that everything. And even if we put a code to delete totp.conf file after 3-5 false access attempts, it will be super-easy even for not that smart evil guy to just take that file back from backup and continue moving forward.

Also, given the fact that Flipper device hardware, software and Authenticator app are completely open-source, it will be fairly easy task to make a modification in the code to remove that piece of code which is responsible for totp.conf file removal.

And finally, evil guy would be able to bruteforce PIN by making another round of changes in the code.

All abovesaid is not critical problem if only one factor of authentication is compromised (password OR totp), however it is super-critical if two factors compromised. And the thing is that as soon as we allow to store TOTP secrets and passwords together in one place - we make it much more simpler for evil guy to compromise all the factors with just one shoot.

I might be too paranoid about it, but knowing how it could be broken and how much problem it could bring to other people my conscience does not allow me to do it.

[TheXHalferX]

As I said, I absolutely agree with you. There's never enough security. Thank you again for this already great tool and for this enlightening discussion.