Qvault is a new open source password manager, with an emphasis on user experience and customization options.
Many who stumble upon Qvault ask,
“How is this different from other password managers?”
In this article we explain what sets Qvault apart.
Many password managers that exist today do not publish their code for the public to review and collaborate on. This is a huge security and privacy risk because the user and the community can’t:
- Ensure owners of the app aren’t stealing user information
- Peer-review the code and check for vulnerabilities
We assert that open source is a necessity for any password manager.
No other password manager gives users the option to upgrade security and recoverability via physical cards. Qvault cards (once released) will come in packs of two and are the size of a credit card. There will be a Key Card and a Recovery Card.
The Key Card will contain a random and unique 256-bit key in the form of a QR code. The key is used in addition to the user’s master password to encrypt their vault. This provides an additional layer of security because an attacker would need to learn the user’s master password as well as obtain the key card.
The Recovery Card contains the same 256-bit key, as well as blank spaces on the back where the user will write a recovery code. The recovery code is a 16-character code generated by the app. The QR code is used in case the user loses their Key Card, and the recovery code is used to reset the user’s master password in case they forget it.
Qvault cards are still in the prototyping phase, but will soon be listed for sale on https://qvault.io. The sale of the cards will help fund the open source development and ensure future maintenance of the app.
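The two-factor idea behind the Key Card can be sketched as follows. This is an added example, not Qvault's code: the article does not say how the app combines the two secrets, so the scrypt parameters, the HMAC-based combiner and all function names here are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

CARD_KEY_BYTES = 32  # the 256-bit key the article says the Key Card carries


def stretch_password(password: str, salt: bytes) -> bytes:
    """Slow, salted stretch of the master password (scrypt parameters assumed)."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def derive_vault_key(password: str, salt: bytes,
                     card_key: Optional[bytes] = None) -> bytes:
    """Password-only vaults use the stretched password; card vaults mix in the card key."""
    pw_key = stretch_password(password, salt)
    if card_key is None:
        return pw_key
    if len(card_key) != CARD_KEY_BYTES:
        raise ValueError("card key must be 256 bits")
    # HMAC keyed with the card secret: without it, knowing the password
    # (and therefore pw_key) still leaves a 256-bit unknown.
    return hmac.new(card_key, b"vault-key-v1" + pw_key, hashlib.sha256).digest()


def key_check(vault_key: bytes) -> bytes:
    """Value stored beside the vault so a wrong key is rejected before decryption."""
    return hmac.new(vault_key, b"key-check", hashlib.sha256).digest()


def unlocks(stored_check: bytes, password: str, salt: bytes,
            card_key: Optional[bytes] = None) -> bool:
    candidate = key_check(derive_vault_key(password, salt, card_key))
    return hmac.compare_digest(candidate, stored_check)


if __name__ == "__main__":
    # Constructed sample values, generated fresh on each run.
    salt = secrets.token_bytes(16)
    card = secrets.token_bytes(CARD_KEY_BYTES)
    password = "correct horse battery staple"
    stored = key_check(derive_vault_key(password, salt, card))
    print("password + card:", unlocks(stored, password, salt, card))
    print("password only:  ", unlocks(stored, password, salt))
    print("card, wrong pw: ", unlocks(stored, "guess", salt, card))
```

In a real vault the derived key would feed an authenticated cipher; the key-check value stands in for that step so the example runs on the standard library alone.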
Open source apps have always struggled with user experience and user interface. Qvault's design is led by DJ Shott, one of the best software designers in the business, with many years of experience. DJ is leading Qvault to be the easiest and best-looking password manager today.
Qvault allows the user to customize an experience that best fits their security and usability needs. Some currently supported options are:
- Users can use a master password OR passphrase.
- Users can use a custom master password/passphrase or generate a random one.
- A virtual keyboard is included that can optionally be used to bypass keylogger malware.
- Offline use is fully supported, as well as the option to automatically back up encrypted vault files to the Qvault cloud.
- Vaults can be encrypted with just the master password/passphrase, or dual-encrypted with a Qvault Key Card.
- A recovery code can optionally be created using a Qvault Recovery Card to restore access in case a password is forgotten.
- All updates are prompted, never automatic. This is important for power users that want to verify the source for each update.
We have an ambitious project roadmap. Here are some of the features we would like to implement soon:
- Generate “cold wallets” within Qvault for various cryptocurrencies like Bitcoin.
- Share secrets trustlessly with other Qvault users.
- Give access to sections of vaults to other users.
- Support generation of common secrets like PGP or SSH keys.
- Build a mobile app that integrates with the desktop version.
- … And more. Let us know what you would like to see in the app, or feel free to contribute to the project on GitHub!
Follow us on Medium! https://medium.com/qvault
By Lane Wagner