/mobile-passhash

Simple, effective password security


Mobile Passhash (Beta)

Simple, effective password security... on your phone!

Install Beta

This app is still in beta, and not yet available in either the Google or Apple app stores. My ultimate goal is to distribute this app on the app stores.

Install on Android

  1. Install Expo from the Google app store.
  2. Go to https://expo.io/@gabalafou/mobile-passhash.
  3. Scan the QR code on that page with the Expo app.
  4. The app should load inside Expo.

Install on iOS

  1. Download Apple TestFlight from the App Store.
  2. Open this link on your phone: https://testflight.apple.com/join/CECgG47B

Pro tip - make sure you've enabled Universal Clipboard. That way, whenever you copy a password generated by the app on your iPhone, you can paste it on your Mac (into a password field).

Screen shots

iOS on the left, Android on the right.

iOS and Android simulator screen shots, side by side

Develop / Run in Emulator

Runs with Expo

This section assumes that you are already familiar with how to run commands on the command line and run phone emulators on your computer.

Some prerequisites:

  • Node.js
  • Git
  • npm
  • Expo

This project was made with Expo. To learn more, visit https://expo.io.

npm install expo-cli --global

If you want to develop on this app, or run it in an emulator, you'll need to clone this repo, then:

npm install
expo start

From there, follow the instructions on screen.

Backups

I don't believe any app should ever hold a user's data hostage, so this app allows you to export all of the data it stores as a standalone web app. It does NOT export any of your passwords; the only data it exports are the web addresses you've saved and the password configurations for those sites.

The exportable web page is a self-contained, portable HTML file that can run in any browser. If you have a web server, you can upload the file to your server and then access it anywhere you have an Internet connection. If you don't have a server, one cheap and relatively easy way to make your portable HTML file available on the web is through GitHub.

Assuming you already have a GitHub account, all you have to do is create a new repo under your account, upload your portable HTML file, and enable GitHub Pages for that repo. Here's how to do that step by step:

  1. Log into your GitHub account
  2. Create a new repo (name it whatever you like)
  3. Export the portable HTML file from your phone app and save it somewhere that you will be able to upload it to GitHub
  4. (Optional) To make things a little easier, save the file as index.html
  5. Upload the file to the repo (you should be able to do this via the GitHub web app interface), committing directly to the main branch
  6. Go to the repo settings and look for "Pages" to enable GitHub Pages
  7. In the Pages settings under "Source" make sure that GitHub Pages is configured to serve your page from the root directory

The settings page should show you the URL where your page is published. If you saved the file as index.html, the link should just work; otherwise, you'll need to add the file name to the end of the URL where your repo is published.

History and Motivation

TL;DR: Years ago, I downloaded a Firefox extension called Passhash to better manage my passwords. The extension became obsolete, but I still needed a way to manage my passwords.

Problem: I stopped using Firefox (unsponsored product plug: I now use Brave), and I found myself needing to log into more and more apps or sites from one device.

Solution: I used a feature of the extension to export a standalone HTML page that I then hosted on my own web site. This page was a snapshot of all of the sites that I had used Passhash on and the password settings for each of those sites.

Problem: Eventually, as I joined more sites and changed passwords on others, the page got out of sync with my logins. Plus, the page was always a bit cumbersome to use on my mobile phone (the standalone page generated by the extension was not mobile-optimized). Plus, I never really liked the idea of putting that page out there on the open web. Even though it didn't store any of my passwords or transmit them over the network, it did provide a list of sites that I had passwords for, as well as some details about the password for each of those sites, such as how many characters long the password was.

Solution: I pretty much always have my mobile phone with me. For some sites, I even have to use my mobile phone because of two-factor authentication. So the idea came to me to write a phone app version of the Passhash Firefox extension. Plus, I had been looking for a fairly simple app to build so I could start learning how to develop mobile apps. Since I already had significant React experience, and I didn't necessarily want to limit the app to one particular phone OS, I decided to build the app with React Native.

Legal and Licenses

I am required by the Mozilla license from the original Passhash project to disclose the changes I made to source code from that project. The high-level summary is that I altered none of the actual functionality of the source code that I copied. All I did was delete code and make a few small changes to make the code work with the environment in this repo.

There were primarily two things copied from the original project:

  • the code that generates a hard-to-guess password given three inputs: a non-secret string (the site tag), a secret string (the master password), and some options
  • the code that generates a portable HTML file

I have included a folder called diffs-wijjo-passhash that contains a patch file corresponding to each file that I copied from the original project. The patch file shows precisely the modifications I made. An empty patch file in that directory means no changes were made.

The code for this project is licensed under the MIT license.