Password Manager Keyfob


AntiSpook

On Linux, how viable is Rubber Ducky as a password manager keyfob? Suppose I define super-secure passwords for someone who won't herself know them. I have authorization to configure her online accounts. She will ask the Rubber Ducky to input a password of choice by magic key combo(s), or maybe a menu in Python or JavaScript or whatever.

The data on the Rubber Ducky must be encrypted in case a third party gains access to it. It would be nice if she can put the Rubber Ducky on her keychain with her house and car keys, then only stick it in the PC when she needs to input a password.

Would a USB Armory be better or worse for this use case? Any other guidance? Thank you.


The ducky is just a keyboard so it's not suited for this type of application.  Look into YubiKey or something similar if you want 2FA.  If a hardware token isn't required then can't you just set up a password manager on the machine like Dashlane or LastPass?


The threat model is "frenemy" types using her PC while she's logged in. She has to stay with them sometimes and wants them able to use it (they often ask). So a password manager would not work, as it would let the frenemy use any account.

The lady involved also wants to be able to tell them, honestly, "I don't know any passwords, my tech set it all up, use the machine without using my online accounts."

So basically she wants to let others use her machine but NOT her online accounts.

The issue is not 2FA either; really it's just completely offloading the login data to a physical carry device and somehow automating it.

Merci!


You're busy solving the wrong problem.

What you want is the PC to have multiple user accounts - one for her to get serious on, one for the frenemies who can go mental on the thing. At the end of a day, just wipe the frenemy account and make a new one.


Correct, that is what *I* want. It isn't what she wants. The PC must autoboot into her user account. Frenemies expect to see her usage and certain files; boot it themselves into her account; and she wants to let them.

She just wants to offload online passwords to a USB keyfob outside their access/control or for that matter, even hers. I will set it up and she can have plausible deniability on how to add or change passwords. That way the frenemies cannot alter her online accounts or set up new ones for her. Maybe Nitrokey would be the right device.

Merci!


USB Armory would also be an option, it's designed for a similar application (password manager being one of them). But being a full Linux system on a USB you can customize and use it in a number of ways. The cost compared to the Nitrokey atones for those abilities though.


YubiKey is the 2FA device, not a keystore. All you can feign is that you can't find the damned thing, which is quite implausible... Kinda like claiming to not know the passwords. Unless this frenemy is a child this excuse would last about 5 seconds.

You're putting a lot of time, money and effort into allowing a girl to be dumb. It's a lot more efficient to tell her to not be dumb.

