by atrophying 3649 days ago
Maybe it's just me, but I see the biggest problem in implementing a 2FA policy is the friction of the process. Using a password manager isn't as easy as remembering a single password. Using an offline manager isn't as easy as an online one. This, though ... this is the most over-engineered, least user-centered thing I've seen in a long time. I couldn't even begin to tell you the amount of task friction and sheer frustration that thing would be for someone like me who logs into and out of properties all day. All for the low price of $130, as if I don't get enough PITA for free.

The only reason I remember to bring my cell phone anywhere is because it stays in my pocket. This password thing looks about the size of an 80s cassette player. So all of what you said, plus the idea that you have to lug this thing around... I can't see anyone using this. Ever. If anyone does, please comment.

As requested, I'm commenting.

I'm a long-time user of the Mooltipass. I backed the crowdfunding campaign and have now got two devices of my own, plus one of the prototype mini devices. I'm not officially affiliated with Mooltipass, but I am a strong advocate for the device, and have got a few other people interested enough to acquire devices themselves.

Let me do a quick run-down of my thoughts on it. Firstly, not everyone has the need for a hardware password manager. It solves issues which not everyone has. I picked mine up originally because it solved issues which I specifically had (mentioned later) but, as with anything, it's not one size fits all. It's an extra thing to carry around, an extra step you have to take; if that doesn't fit in with your workflow, if it's too big of a compromise, that's your choice to make. However, one of the reasons this is great is that it gives you the choice to do so if you want.

Next, the size: as limpkin has already mentioned, there is a mini version in the works, which I have been testing for a while now. My personal feelings are that I like the standard Mooltipass as a desktop device; the form factor is nice for something that sits on my desk, but I will definitely keep my mini for portability. My intention is to have my work credentials on one standard device, my home ones on the other one, and then both on the mini, which I will keep in my pocket with me at all times. The size for the mini is maybe the size of two packs of chewing gum, side by side.

OK, interface and usability. First of all, the standard device has a touch zone which can be a bit temperamental. I believe the choice was made as it would reduce the amount of moving parts. The mini, however, is using a scroll wheel on the side which is much easier to navigate the menus with and, through testing now, has proven to be strong enough to survive in pockets, at the bottom of bags, and being generally abused. Currently the only officially supported software for the device is a Chrome extension (there are more in the works); this picks up passwords you manually type into Chrome and offers to store them on the device. You can also manually add credentials using a Chrome app (or a Python one if you so desire). When you visit a website with a known login, the device will flash and ask for permission to send the credentials. So that's a single tap on the device to accept the sending of credentials. That's not all the interaction that's needed: you put a smartcard in to unlock the device (it contains an AES key to decrypt the password database) and enter a 4-digit PIN, but once it's unlocked, it can sit on your desk. If you're not using the Chrome extension, you can still use the device, as it will also emulate a keyboard and can type the username and password in.

Why did I decide I need one, let alone more? I used to use KeePass, but there was a distinct possibility that my work network may get compromised at some point. I don't think it happened at any point, but if it did, it would be relatively trivial to set up a keylogger and get the master password, as well as get the database. I realise it's possible to have a key on a USB drive, but the fact remains that the lock and the key would have to sit on what could potentially be a compromised computer at some point together. With the Mooltipass, at worst the passwords I was using could be compromised, but not the entire database, which might contain bank logins, or other things. I will say again, this is not necessarily a concern for everybody. Most people are not going to get targeted, but I felt there was a significant enough risk that I didn't mind spending a bit of money to help.

I am sure there are more things I could write here, but the post is getting long enough. Feel free to ask more questions about the usage and I'll attempt to answer them.

EDIT: Oh, yes, and I can use it on all computers through the keyboard emulation without having to have access to my KeePass db, or set up LastPass, etc.