Passwords are an essential aspect of our online life, but they are also often a source of frustration and insecurity. Frustration because people have to remember different passwords, which are preferably also strong, and insecurity, because it causes people to come up with goat paths such as passwords that contain data (such as welcome2020) and are therefore easy to guess or reuse passwords.

The general advice is to manage your passwords with a password manager so you don't have to do it yourself. So far, every password manager has a vault where passwords are stored. However, such a vault is a single point of failure and is therefore vulnerable, because someone who has access to the vault has access to all your passwords.

In this article, we present a next-generation password manager that eliminates the need to store passwords, and thus the use of a vault.

Instead of storing passwords in a vault, this password manager uses a formula that allows passwords to be calculated each time. With this vault-less password manager, you can thus have the strongest possible passwords without the risks of a traditional password manager vault.

Below, we look at the benefits of this innovative approach, including improved security, greater convenience, and more privacy.

Introduction

Passwords have long been used as the primary means of authentication for online accounts, but they come with many challenges. Inventing and remembering good passwords is hard work for most people. Nevertheless, we need more and more passwords. As a result, people often (forced) to resort to using weak passwords and/or reusing passwords for multiple accounts. This involves significant security risks. That is why almost every cyber incident also involves a password incident.

That's why people need help using passwords. This is where a password manager comes in. This is because with a password manager, a user no longer has to remember passwords themselves, because they are stored in a vault. So easy! The safe of a traditional However, password manager is vulnerable to hacker attacks, as a breach of the vault puts all passwords stored in it at risk. Recently, there have been a few incidents where this vulnerability became clearly visible.

The password manager without a password vault

Our innovative password manager eliminates the dependency on a password vault. Instead, a patented technique is used where each password is recalculated over and over again using six factors.

Only with the right factors can the correct password be calculated. Here, the formula determines the quality of each calculated password. Our password manager formula uses 512 bit SHA2 hashing. This results in very long and complex passwords. By spreading the factors and the calculation across different entities, it is prevented from unauthorized access to all the information necessary to calculate a password. This is part of our zero-knowledge approach.

To prevent passwords from being calculated automatically, one factor is entered by the user. This keeps the user in control. This factor can be an easy-to-remember password (which can be the same for each account), or, for example, a biometric code based on a fingerprint or facial recognition. In addition, our password manager integrates every FIDO 2 authenticator so that this factor can also be entered via, for example, Windows Hello.

Our password manager passwords are phishing-resistant. This means that the calculated password for a look-alike website is worthless for a hacker because it is completely different from the calculated password for the real site.

Benefits of a password manager without a password vault

Improved security

With our password manager, the risk of a password vault is eliminated because passwords are not stored anywhere. The information needed to calculate passwords is partly in the user's head and partly stored in different locations at different organizations. That way, there is no entity in the system that has all the information needed to calculate a password. The calculated password is only available on the user's endpoint.

Increased convenience

Users no longer have to invent or remember multiple complex passwords, but can always have the strongest passwords possible without worrying about the security and management of a password vault.

Like traditional password managers, our password manager offers a seamless user experience, where passwords for websites and apps are filled automatically and users can easily add passwords for all their accounts. This simplifies password management and reduces the cognitive burden associated with remembering and managing a variety of separate passwords. Our password manager is available on all major platforms and is free for private use with no limitations in functionality.

Improved privacy

Users of our password manager are anonymous. This is unique for password managers and the result of the privacy-by-design principle that we take to the limit. For example, we don't want to keep passwords, but we don't want to store any other user information either. This helps us protect the privacy of our users, but also increases safety because there is nothing to get.

Conclusion

Traditional password managers that use a password vault have security and privacy restrictions. Our proposed password manager without a password vault offers an innovative solution to address these issues. By calculating passwords instead of saving them, users can have the strongest passwords possible without sacrificing security and privacy.