DEV Community

Cover image for passtwo - mobile password manager
Gareth M.
Gareth M.

Posted on • Edited on

passtwo - mobile password manager

Update: release apk now available here

Passtwo is my second attempt at making a mobile password manager app. It is designed to integrate with passman, a python script that uses GPG to store passwords. You can see how it works in this DEV article. This app relies on BouncyCastle to decrypt files.

OAuth Device Flow

This app uses the beta Device Flow for OAuth apps. First, when the user presses Request Device Token, the app sends a request for a device token containing the OAuth app's Client ID. The response contains an 8-character authorization code, and the browser automatically opens to type it in (The code is displayed on the app's settings page). The user will be prompted to login before entering the code. Finally, if the user has agreed to allow the application, the Get Token button must be pressed in order to finish the authentication process.

User Info

After authenticating, the user simply inputs their github username, the private repo holding their passwords, and their gpg passphrase. The only thing required in the repo are the folders containing the encrypted passwords, and a gpg private key. The app currently doesn't support adding new accounts (directly from the app), however I hope to add that in the future since it would be improvement over the previous version. Each time the user tries to access the Passwords page, they will be prompted to enter their fingerprint or pin before proceeding

Installation

A release apk can be found here.

Top comments (0)