We have made LockFortress a one-stop solution for users' passwords. First, it lets users store and manage their passwords; unlike other password managers, we add OTP verification, so users must confirm their identity with a one-time code sent to their registered mobile number. Second, we provide a Docker image of the app that the user can spin up on their own premises or on any cloud provider of their choice. This protects them from data leaks. We also provide a password generator; unlike the generators available online, which produce entirely random passwords that are nearly impossible to remember, ours builds passwords from prompts the user supplies, so they are easy for the user to remember and hard for attackers to guess. We achieved this with our homegrown algorithm. We also provide a password strength checker that gives custom suggestions based on the password you enter. Lastly, we provide an interface for users to share password-protected documents securely with their friends.
The major challenge was storing the passwords that users save into the app securely in our database. This differs from the password we store for authentication: that one we hash, and when we need to verify it we compare the hash of the submitted password against the stored hash. Hashes, however, are irreversible, and a saved site password has to be readable again by the user, so for saved passwords we went with encryption and decryption; we did quite a lot of research into which encryption algorithm to use to give our users maximum security. Another thing we thought about was how to protect our users' data even if our own data store is compromised. To address this we decided to give users the Docker image of our app so they can do an on-premises installation and keep their data with them. We also brainstormed a lot on the password generation feature. There were many APIs out there, but none of them provided the solution we wanted: something easy for users to remember but hard for hackers to guess. So we implemented the whole password-generation logic ourselves, driven by prompts from the user.