Mooltipass Mini connects to your computer or smartphone and stores your passwords using a PIN-protected smart card. When you get started, the Mooltipass browser extension or smartphone app asks you to enter your password for each account, which it then saves. It also acts as a USB keyboard for adding in passwords manually. After that you’ll only need to log in by connecting the device and hitting its login button. In theory, it cuts out the need to remember and enter passwords each time you login into a site.
The smart card that stores your authentication data is encrypted with AES-256 encryption, meaning multiple cards can be used with the device.
- Plug the Mooltipass to your computer/tablet/phone. No driver is required
- Insert your smartcard, unlock it with your PIN. Without the PIN, the card is useless.
- Visit a website that needs a login. If using our browser plugin, the Mooltipass asks your permission to send the stored credentials, or asks you to save/generate new ones if you are logging in for the first time.
- If you are not using the browser plugin or are logging in on something other than a web browser, you can tell the Mooltipass to send the correct login and password. It will type it in for you, just like a keyboard – so it can be used anywhere!
Mooltipass emulates a standard USB keyboard, and can therefore type your passwords for you on Windows, Linux, Mac and even most Apple and Android devices (through the USB On-The-Go port). It doesn’t need any special drivers to function.
Integration with websites is done via a Google Chrome plugin and we are working to implement plugins for other major browsers. Several tools have also been developed by the Mooltipass community. While all password recall functionality is done through the Mooltipass device, credential management is done through a dedicated application.
Mooltipass has an internal flash in which the user encrypted credentials are stored, while a PIN-locked smartcard contains the AES-256bits key required for their decryption. Like any chip and pin card, 3 false tries will permanently disable the Mooltipass card. Credentials are sent over HID, any password accessing operation needs to be physically approved by the user on our touch interface.
The Mooltipass offers the following advantages over software-based solutions:
- Better security: Mooltipass reduces the number of attack vectors by typing your passwords for you.
- A non-proprietary device: Anyone can develop new tools for Mooltipass.
- An open-source platform: Being able to read the code allows you to check and enhance the security of our Mooltipass.
- A trusted platform: Only code that has been tested by us and reviewed by the community is running on the Mooltipass, ensuring that no viruses or malicious programs compromise your stored credentials.
Open Source
Our team believes that great security can only be achieved through complete transparency. That’s why we have been publishing everything that goes into making the Mooltipass on our GitHub repository from the project’s start.
Just like Linux-based operating systems, open source allows our product to benefit from many engineers’ expertise. This results in better code quality, more trust from our final users and verified security implementation.