
nalinbhardwaj/Vespass

submitted by
Style Pass
2023-03-18 14:00:08

I am unhappy with the state of commercial password managers (every single word here links to a problem). Vespass is an uncompromising password manager with stronger security guarantees and lower friction than anything else on the market.

Vespass ships two modes: a low-friction mode (with lower security) and a high-security mode (with higher friction). In either case, your passwords are likely more secure than with most other password managers on the market. More precisely, we measure cryptographic security as:

Notice that the high-security mode is much like enabling two-factor authentication, so even if a website does not support 2FA out of the box, your password for it is stored with as much security as 2FA could add.

Vespass uses secret sharing and end-to-end encryption to hardware-secure keys to enable these properties. It ships a macOS and iOS app that works on all Apple devices that have a secure enclave (and, in the future, hardware authentication devices like Yubikeys, some subset of Android/Linux/Windows devices, and paper keys).

Vespass uses a combination of secret sharing and encryption to hardware secure enclave keys. With some secret sharing magic, we can force a secret (password) to be split into pieces. Each piece is then encrypted to a cryptographic key attached to the secure enclave and stored by your devices separately. When you are ready to reassemble the secret and sign in, your devices need to decrypt their individual pieces (requiring biometrics for decryption) and then collaborate with each other to re-derive the plaintext secret. After one-time use, Vespass deletes the plaintext versions from memory, so future use remains just as secure.
