Meet The Mooltipass Mini!
(Update: Stretch Goals can be found here and on the "Updates" tab)
Our online lives are always expanding and along with new territory come new usernames and passwords... leading us to experience security fatigue. The Mooltipass Mini is designed to help you keep all of your passwords secure, while still leaving them easy for you to access no matter where you need them. Whether you're looking to improve your existing password management methods, or just starting to explore how to manage them all, the Mini has something for you!
The Mini connects to any USB-capable device (phone, tablet, computer, etc). To use it, all you need to do is insert your personal smartcard, unlock it with your PIN, and start using your device. You'll be able to log in anywhere with a quick tap on the desk or a few tweaks of the scroll wheel!
Here's a quick overview of its features:
- One Mini can be shared by multiple users, identified by their personal cards
- One smartcard works on multiple Mooltipass Minis: have a backup Mini!
- The Mooltipass Mini isn't vulnerable to standard password manager attacks
- Mooltipass Mini cards can safely be cloned without compromising security
- User credentials can safely be exported: backups are encrypted!
- Your credentials are safely encrypted inside the Mooltipass Mini
- Only remember one card PIN to access all your credentials
- Tamper evident case made of Anodized Aluminum
- Secure firmware updates
Why Do I Need a Mooltipass Mini?
Excellent question! If you browse the Internet regularly, you have no doubt amassed a healthy assortment of accounts for various sites and services you use daily, monthly, or even once in a blue moon.
Do you have no problem remembering all of your unique and different passwords for those services without using something to help you remember them, not to mention each site's differing password requirements? OK, then maybe the Mini isn't something you need... but wouldn't it be awesome if there was a device that could remember all of your passwords for you? The Mini can help with that!
Do You Use Something Else to Store Your Passwords?
Many people use software tools to store and organize their passwords. That's a great first step, but consider what happens if a piece of particularly nasty malware compromises your computer. It can steal your password database, and the next time you use it to log in to a website, it can also steal your master password. We're not kidding, in fact, something similar happened to a well-known password vault. Since we decouple the decryption key from your computer, it becomes much harder for a malicious program to make off with all of your account information.
Do You Use the Same Password (or a Set of Similar Passwords) in Multiple Places?
Well, you've certainly solved the problem of remembering your passwords... but have you considered what happens if one of those services is compromised and your password is stolen? An attacker now knows the email address you used to register for the service - and if it has the same password, chances are he can now access a lot of information about you... for example:
- E-bill reminders
- Bank information
- Accounts for online merchants
- And all the other services you use...
Hopefully you haven't used the same password for any of those services... but don't forget many services will email you a password reset link. With all of this information at their fingertips, a malicious person can easily take control of your online life!
OK, So You Used a Different Password for Your Email Address... But What About the Password Reset Questions?
Many people's accounts are compromised because they did nothing more than choose security questions to which the answers are easily guessed or can be found elsewhere online. Your high school, or mother's maiden name? Perhaps those can be found on your Facebook account or LinkedIn profile... You can even have the Mini remember some obscure answers to security questions for you!
As You Can See, the Strength of Your Security is Only as Strong as the Weakest Part.
As cliché as the information is, the only way to ensure your accounts stay secure is to use unique and complex passwords for each one - and thus we come full circle to the first paragraph of this section. That's why we created the Mooltipass and Mooltipass Mini - to make it easy to start (or continue) good security practices for all of your online accounts. It can even help you out by generating long, complex, random passwords anytime you create a new account somewhere or wish to change an existing password.
How Easy is it to Use?
Not hard at all - we created cross-platform browser plugins to add all kinds of features, like automatic detection of login forms, adding/creating/updating credentials, and even adding them to a favorites list on the device for quick access. Just plug it in, unlock it with your smartcard, and start using your computer. You can even knock on the table to approve credential requests!
Our Chrome extension and App have been used for nearly 2 years now, and we are currently testing our newly developed extension for Firefox.
You can also use the Mooltipass Mini on any computer, tablet, smartphone, or any other device that can support a USB keyboard. Then you can just unlock your Mini and select which credentials you'd like to send to the device - no drivers required, and it doesn't matter whether it's Windows, Mac OS, Linux, Android, etc...
We've had extensive discussions on the user interface with our beta testers, and the end result is something everyone has found easy to use.
The Mooltipass Mini has the same security as its larger brother - namely:
- A Smartcard to securely store the AES-256 encryption key for your protected information. This disconnects the encryption key from your secured data, meaning that even if your computer is compromised, the encryption key cannot be accessed by any malicious software on the machine.
- PIN-based Authentication - 4 wrong PIN entries and the card will self-destruct, putting a significant damper on the viability of brute-force attacks. Don't worry, it's easy to securely duplicate your access card, on the off chance something happens to the original!
- Tamper Detection - To ensure you know nobody has tinkered with your Mooltipass Mini, the aluminium cases are sealed with high-strength adhesive. One of our beta testers tried to open a Mini without causing damage... suffice it to say it was pretty obvious someone had attempted to tamper with the device by the time they managed to access the (quite charred) circuit board.
- Fully Encrypted Backups - You can rest assured knowing that the backup files are encrypted using the same key stored on your smartcard. Even if someone compromises your computer (or cloud storage account) and obtains the exported data, they will not be able to decrypt your passwords.
- Secure Firmware Updates - The Mooltipass Mini includes a way to safely update the firmware running on it using digital signatures. This will allow us to add new features to your device in the future!
The Mooltipass Mini was designed with our users in mind. Many of them commented that the larger version wasn't quite as portable as we'd originally thought. Based on their feedback, we shrank it down to only 79 x 37 x 12 mm. We also halved the size of the smartcards in order to keep the unit small and unobtrusive when in use.
As economical as plastic enclosures can be, our team felt they just weren't right for the Mini. After some experimentation and a test batch of aluminium enclosures, all of our beta testers fell in love with the metal design. Not only does it look awesome, but it's also far more scratch-resistant than a plastic enclosure - and that's a pretty big plus for something you would carry around a lot.
To maximize portability and utility, there are a few additional features we'd like to share:
Touch interfaces tend to need a lot of space to work well. Instead, the Mini sports a compact, clickable scroll wheel as its main navigation mechanism.
Since the Mini fits so easily in one hand, it can be configured to work with the scroll wheel either on the right, or on the left, whichever you find most comfortable.
Don't want to hold it in your hand? No problem, you can use it hands-free! If it is unlocked and you visit a website with stored credentials, you can simply tap on your desk to confirm that you wish to log in.
- Device Size: 79 x 37 x 12mm
- Working Voltage: 4.75V to 5.25V
- Current Consumption: 0.5A maximum
- Connector: micro-USB 2.0 (full speed)
- Internal Memory: 4Mbit
- Smart Card Support: AT88SC102
- True Random Number Generation
- Interface Type: clickable scroll wheel
- Case Material: Brushed Anodized Aluminum
- Display: 128x32 pixels monochrome 2.23" blue OLED screen
Project Status - Why a Kickstarter Campaign?
Mass producing a new product is not inexpensive. We've already done much of the pre-production work, but the final production run is where the Kickstarter campaign comes in.
We need your help to fund the fabrication of a large batch of devices, so that we can get them into the hands of anyone that wants one.
Some of the work we've already done includes:
- Prototypes and beta-testing (in fact, we went through three iterations of the Mini hardware!)
- Coordinating with a trustworthy manufacturer to fabricate and assemble the devices
- Setting up for production of the laser-engraved aluminium cases
- Finding a printer and making a test batch of smartcards
- Finding suppliers and distributors for our components
- A nice box to protect and show off the unit
As you can see, we are well on our way, but we still need your help to make it over the final hurdle. We hope we can count on your support. If you still have questions after browsing the information on this page, please don't hesitate to contact us! We'll be glad to clear up any confusion or answer questions that aren't detailed here.
If we hit Fr. 70,000, you will be able to choose from one of these four colors for your Mooltipass Minis: black, dark grey, light grey, or gold. What's more, this finish will be anodized, so you don't need to worry about it scratching, chipping, or peeling like a painted surface.
If we reach Fr. 100,000, we'll make it hold TWICE as many passwords (that is, over 3000), by upgrading the flash chip from 4Mbit to 8Mbit... That's a lot of passwords!
We're also looking at whether it's possible to implement small file storage on the Mini. Unfortunately we can't make any guarantees on when we'll get this bit done, since it requires some work and coordination in a few different areas... but we'll do our best. A little extra bonus feature as our thanks, if you will.
Why? Well, some secrets aren't passwords... things like encryption keys, tokens, or any other small bit of info that is important enough to protect, but doesn't fit within the standard Mooltipass password storage.
If we make this goal, we'll give you an additional three anodized color choices for your Mini: blue, green, and magenta. That brings the total choices up to seven!
Why the strange number? Well, it's not far from the second stretch goal, and this isn't a major change on top of already offering color choices, just a little extra in the way of logistics for us.
The Mini's design doesn't allow for adding a lanyard hole without significant design changes, but we've found what we believe to be the next-best thing - a lanyard that attaches to the micro-USB port. Fortunately, the Mini is small and light enough that this is a viable option - so we're thrilled to announce it as our fourth stretch goal at Fr. 145,000. We're already well on our way there, which is fantastic!
(Yes, the keen-eyed will notice the image above is a mock-up. Samples of the real thing are on their way from a supplier and we'll give you a genuine photo of the result when we've got them in our hands... but we didn't want to wait for those to arrive to announce the stretch goal!)
Security Through Transparency
Our team believes that great security can only be achieved through complete transparency. That's why we have been publishing everything that goes into making the Mooltipass on our GitHub repository from the project's start.
Just like Linux-based operating systems, open source allows our product to benefit from many engineers' expertise. This results in better code quality, more trust from our final users and verified security implementation.
We publish everything we do to provide you with the best possible security device.
About the Team
The core Mooltipass team is located in Switzerland, but we have many volunteers and contributors from all around the world. The Mooltipass is truly a global effort, and we're incredibly proud of what we've accomplished with our team of contributors and their wide variety of skill-sets and backgrounds.
A Brief History of Security Flaws and Breaches
We often think that the devices and websites we use are free of security flaws. You may see if one of your accounts is part of the 1.5 billion that have already been compromised by visiting this website. We also compiled a brief list of major security breaches and vulnerabilities found during the last few months:
- 09/2016: Yahoo Confirms Massive Data Breach, 500 Million Users Impacted
- 09/2016: 97% of the Top Companies Have Leaked Credentials Online
- 09/2016: As We Speak, Teen Social Site Is Leaking Millions Of Plaintext Passwords
- 06/2016: Attackers can gain full remote access to an iPhone by sending a simple iMessage
- 06/2016: Teamviewer hacked, users' Paypal account drained
- 06/2016: GitHub Presses Big Red Password Reset Button After Third-Party Breach
- 05/2016: Hackers Claim to Have 427 Million Myspace Passwords
- 05/2016: Hackers Stole 65 Million Passwords From Tumblr
- 06/2016: Passwords for 32M Twitter accounts may have been hacked and leaked
- 06/2016: Android Full Disk Encryption Can Be Broken
- 07/2016: New Backdoor Allows Full Access to Mac Systems
- 08/2016: Qualcomm security flaw allows a malicious app to gain root access
- 06/2016: New Cache Attack Can Monitor Keystrokes On Android Phones
- 03/2016: MitM Attack against KeePass 2’s Update Check
- 07/2016: Rumors Claim 40M iCloud Accounts Hacked; Apple-Related Forums Compromised
- 06/2016: Lastpass: remote 'complete account compromise' possible
- 08/2016: iPhone malware that steals your data is a reminder no platform is ever safe
Risks and challenges
The Mooltipass project has been ongoing since 2014, and the Mini has been under development since not long after the original campaign concluded. The core team from the Mooltipass product is still at the helm, bringing all of their experience and knowledge from before, in addition to the things we learned the first time around.
Just like before, we've already produced several batches of beta units and circulated them to 50 eager beta testers around the globe. We've been working with them and listening to their feedback to improve the product for the last 6 months.
As mentioned, we already know our components manufacturers and product assemblers in Shenzhen from the original campaign, and some members have actually been working with them for more than 3 years on other electronic projects.
As much as we'd like to guarantee a smooth production run without hiccups, there will always be unpredictable events that may arise when producing large quantities of an item. Rest assured that we will do our best to keep you informed for the duration of the project, and until you have your device in your hands!