Cableless Mooltipass

[Dnns]

Hey,

maybe I am not the only one with that desire. As I was using my Laptop the last weeks quite often and mainly in situations, where I didn't have a table I had the wish of a Mooltipass thad had a USB Connector as a USB Flash drive directly without a cable in between.

Just wanted to mention that.

[mathieu...@gmail.com]

Hello there!

I'm afraid that would however mean a bigger Mooltipass and the risk of breaking it....

Bluetooth would maybe make more sense ;)

Mathieu

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+unsubscribe@googlegroups.com.
To post to this group, send email to moolt...@googlegroups.com.
Visit this group at https://groups.google.com/group/mooltipass.
For more options, visit https://groups.google.com/d/optout.

[Brad Silcox]

I cant recall if I ever formally mentioned it here or not so I'll include with this design recommendation.  I'd like to see an ultracapacitor that can keep the unit fully powered for removal while entering a pin, or to retain the pin during power cycles (I have disk encryption keys store on my mooltipass), while i do not like the idea of a fixed USB connector an integrated cable option (like you see on usb batteries) might be nice to help on the go.

Brad

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.

To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+...@googlegroups.com.

[mathieu...@gmail.com]

We have something like this in mind for our next device yes :).

On Wed, Apr 4, 2018 at 4:15 PM, Brad Silcox <m...@bradsilcox.com> wrote:

I cant recall if I ever formally mentioned it here or not so I'll include with this design recommendation.  I'd like to see an ultracapacitor that can keep the unit fully powered for removal while entering a pin, or to retain the pin during power cycles (I have disk encryption keys store on my mooltipass), while i do not like the idea of a fixed USB connector an integrated cable option (like you see on usb batteries) might be nice to help on the go.

Brad

On Wed, Apr 4, 2018, 10:02 Dnns <dnns...@gmail.com> wrote:

Hey,

maybe I am not the only one with that desire. As I was using my Laptop the last weeks quite often and mainly in situations, where I didn't have a table I had the wish of a Mooltipass thad had a USB Connector as a USB Flash drive directly without a cable in between.

Just wanted to mention that.

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.

To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+unsubscribe@googlegroups.com.

To post to this group, send email to moolt...@googlegroups.com.
Visit this group at https://groups.google.com/group/mooltipass.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "mooltipass" group.

To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+unsubscribe@googlegroups.com.

[W B]

Could you elaborate on the next device somewhat?

I find myself leaving my mooltipass mini at home or generally unable to get fully off of my other password manager, largely because of the bulk and partly because of UX/storage limitations.

I think in my case, I've realized that no matter what I have to trust the browser and browser extension (which is something worth improving, maybe with full open source and replicable signatures?) and so I might as well just have a tiny Yubikey-sized device that maybe has a tiny screen saying "Fill google.com?" and a button. And everything else is done in the plugin. (I like the idea of using it as a straight-up keyboard, and it's super useful for mobile devices, but it's still somewhat of an edge case and secondary to the need to easily/automatically carry the device at all times and fill passwords.)

As for storage limitations, I use my password manager to store a lot of secrets besides just website usernames/passwords. SSH/SSL key info, personal/auto/health data, etc. So the paradigm of accessing things exclusively by url, and scrolling through long lists, and only having small fields to store data, makes mooltipass impractical for those things. If the storage format supports it, having a Secure Notes area would truly allow me to ditch other password managers, and carry my data with me at all times.

Just an idea! Great work so far. I'm still trying to bring myself to carry and use the mooltipass mini at all times, it's just a struggle. And sometimes the browser extension acts up, meaning I get to do a lot of thumb-scrolling...

Excited to see / help with new versions!

On Wednesday, April 4, 2018 at 7:22:53 AM UTC-7, Mathieu Stephan wrote:

We have something like this in mind for our next device yes :).

On Wed, Apr 4, 2018 at 4:15 PM, Brad Silcox <m...@bradsilcox.com> wrote:

I cant recall if I ever formally mentioned it here or not so I'll include with this design recommendation.  I'd like to see an ultracapacitor that can keep the unit fully powered for removal while entering a pin, or to retain the pin during power cycles (I have disk encryption keys store on my mooltipass), while i do not like the idea of a fixed USB connector an integrated cable option (like you see on usb batteries) might be nice to help on the go.

Brad

On Wed, Apr 4, 2018, 10:02 Dnns <dnns...@gmail.com> wrote:

Hey,

maybe I am not the only one with that desire. As I was using my Laptop the last weeks quite often and mainly in situations, where I didn't have a table I had the wish of a Mooltipass thad had a USB Connector as a USB Flash drive directly without a cable in between.

Just wanted to mention that.

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.

To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+...@googlegroups.com.

To post to this group, send email to moolt...@googlegroups.com.
Visit this group at https://groups.google.com/group/mooltipass.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.

To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+...@googlegroups.com.

[mathieu...@gmail.com]

Hello there!

First of all, thanks for taking the time to give us feedback about your daily usage of the mooltipass mini. This kind of feedback does indeed help us make decisions when designing our next-gen devices!
The thought of making a much smaller device with a single button did indeed cross our minds but suffers major drawbacks that we're still trying to overcome:
- impossibility to use manual password recall when used on other programs than browsers
- how to enter a user PIN code
- device backup strategy and secure element choice (use of SIM-sized card?)

Regarding your other observations, have you tried the small file storage feature we do offer through moolticute?

Could you let us know how the extension is acting up? This is something we work on on a daily basis. You may actually package the extension yourself from our official repository.
Regarding our next-gen device, we're still making sure that what we want to do actually is feasible... but I can alread mention it'll have bluetooth!

Regards,
Mathieu

To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+unsubscribe@googlegroups.com.

[W B]

Cool!

Re:

> impossibility to use manual password recall when used on other programs than browsers

in my situation this is okay. i'd almost rather do the work of writing some sort of applet that can communicate with the device from phone OSes than sacrifice the portability and usability. it's kinda like the saying they have for cameras: the best camera is the one you have on you. if you have a Nikon DSLR but never feel like lugging it on a camping trip, then it's not doing you much good.

> how to enter a user PIN code

in my mind the pin code wouldn't necessarily be needed; pressing the button when requested would be all that's required. these projects are kinda on the right track in my mind... or just imagine a YubiKey which also stored passwords (maybe with a tiny LCD screen and single button.) if a PIN is truly needed to satisfy the "something you have + something you know" factors, then it could be entered into the computer and stored on a per-session basis. (i know this is less secure, but as stated if i can't trust the browser extension then all is kinda lost anyway. and people who really really care about hardware PINs and smartcards could perhaps continue buying the Mini or something like it.)

  - http://finalkey.net/

  - http://dangerousprototypes.com/forum/viewtopic.php?f=56&t=6849#p59817

> device backup strategy and secure element choice (use of SIM-sized card?)

a smaller smart card seems great. the current backup strategy seems adequate. personally i'd probably keep the smart card inside the unit at all times: when i pull out my laptop and try to start focusing, or groggily reach for my phone to troubleshoot a server issue at 3am, every 20-second interval i spend trying to login to things feels like an eternity. it's already bad enough when my device decides it's time to reauthenticate my yubikey and i have to dig for that too ;)

> Regarding your other observations, have you tried the small file storage feature we do offer through moolticute?

i haven't, i'll be honest from the docs it sounded like a CLI-only thing but squinting harder i see it has a gui. will try it out.

> Could you let us know how the extension is acting up?

i'll have to continue testing and give feedback going forward; any experiences i had are weeks if not months old. i'm using latest ubuntu x64 and firefox if that gives any clues.

[mathieu...@gmail.com]

Hello!

> in my mind the pin code wouldn't necessarily be needed; pressing the button when requested would be all that's required. these projects are kinda on the right track in my mind... or just imagine a YubiKey which also stored passwords (maybe with a tiny LCD screen and single button.) if a PIN is truly needed to satisfy the "something you have + something you know" factors, then it could be entered into the computer and stored on a per-session basis

I definitely get your point. However, entering a master password on a potentially compromised computer isn't ideal. I wouldn't be comfortable with a PIN-free device that anyone with physical access to it could use to log into your accounts though.

> i haven't, i'll be honest from the docs it sounded like a CLI-only thing but squinting harder i see it has a gui. will try it out.

You'll be surprised how moolticute progressed since then :). You're welcome to use our beta testers only version at https://mooltipass-tests.com/mc_betas/

To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+unsubscribe@googlegroups.com.

[W B]

Perhaps instead of a PIN, there can be a fingerprint reader? Something to authenticate possession without requiring a complex or large interface... Honestly if the computer is compromised to the point that it's keylogging you then that's outside my threat model, all is basically lost at that point.

Moolticute is ok but editing text docs directly would be nice. I just need secure notes, not so much file download/upload.

Basically password management sucks for everyone and is increasingly critical... but online password managers are overdue for being compromised. So I need a thing I can recommend to non-technical friends and family, and with a little UX work I think Mooltipass is the closest we've got besides just running some local app off a thumb drive / Dropbox.