https://github.com/codedust/graphical-master-password

WebExtension that adds a shoulder-surfing resistant graphical master password to the firefox password manager
https://github.com/codedust/graphical-master-password

Last synced: 8 months ago
JSON representation

WebExtension that adds a shoulder-surfing resistant graphical master password to the firefox password manager

• Host: GitHub
• URL: https://github.com/codedust/graphical-master-password
• Owner: codedust
• License: agpl-3.0
• Created: 2016-12-04T20:32:34.000Z (about 9 years ago)
• Default Branch: master
• Last Pushed: 2018-09-29T14:16:14.000Z (over 7 years ago)
• Last Synced: 2025-04-09T08:46:50.494Z (10 months ago)
• Language: JavaScript
• Size: 28.7 MB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Graphical Master Password

This extension adds a shoulder-surfing resistant graphical master password to

the firefox password manager.

The addon makes use of the vast human capacity to store and process visual information. Upon installation a group of images is shown. We call these images the *familiar information*. Multiple grids of images will later be shown in the authentication phase where excactly one image per grid is part of the *familiar information*. The user has to point out the one image that was shown in the setup phase to authenticate her-/himself.

Blakley (t,n)-secret-sharing is used to prevent shoulder-surfing attacks by retrieving the shared secret from a subset of the images that are part of the *familiar information*. During each authentication attempt, a random subset of the *familiar information* has to be provided by the user.

![Screenshot of the addon](screenshot.png)

## Installation

To use this addon, install Firefox Developer Edition or Firefox Nightly (these allow you to disable signature checks for addons). Signature checks can be disabled by setting `xpinstall.signatures.required` to `false` in `about:config`.

This addon uses the Experimental Logins API that is a not implemented in Firefox yet. To enable the API, please first install the corresponding [WebExtensions Experiment](https://addons.mozilla.org/en-US/firefox/addon/experimental-logins-api/).

After this step, this addon can be tested as any other WebExtension by clicking `Load Temporary Add-on` in `about:debugging`.

## License

This program is free software: you can redistribute it and/or modify

it under the terms of the *GNU Affero General Public License* as published by

the Free Software Foundation, either version 3 of the License, or

(at your option) any later version.