Bluetooth-Enabled ‘Mooltipass’ Hardware Password Manager Unveiled

The creators of the Mooltipass hardware password manager have unveiled the Mooltipass Mini BLE, a Bluetooth-enabled version of the device that includes many new and useful features.

Back in 2016, SecurityWeek reviewed the second generation of the Mooltipass open source hardware password manager, the Mooltipass Mini. That version of the product can be connected to a computer using a USB cable.

Like its predecessor, the Mooltipass Mini BLE can be connected via a USB cable, but it can also be connected wirelessly using Bluetooth Low Energy technology. Similar to older versions, the device’s OLED screen and clickable scroll wheel allow users to control and configure the device.

When connected to a computer, the Mooltipass Mini BLE can automatically log users into the device’s operating system or their online services via the Chrome, Firefox and Opera browser extensions. It can be used to enter credentials on any device, including phones and tablets, by behaving like a keyboard that simply types the passwords stored in its memory into the active window.

Mooltipass Mini BLE also supports the WebAuthn passwordless authentication standard developed by the FIDO Alliance and W3C.

Users can store their passwords on the device, along with small files and notes, and all of this data is protected by an AES-256 encryption key that is stored on a smartcard. In enterprise environments, multiple users can utilize the same Mooltipass device, with each user plugging in their individual smartcard to access their own passwords and data.

A 4-digit PIN is used for authentication and the card is designed to self-destruct if the PIN is incorrectly entered four times. However, users can create backups of their smartcard to prevent the permanent loss of their data in case something happens to one of the cards.

Stephan Electronics, the Switzerland-based company behind the Mooltipass, has pointed out that the newest password manager uses a dual-microcontroller architecture, with one processor in charge of communications and one handling security features.

The Mooltipass Mini BLE has two modes: easy and advanced. The advanced mode allows users to customize security preferences and it includes some more advanced features, such as storing credentials under different categories.

For managing the device from a computer, the developers of the Mooltipass provide Moolticute, a piece of software that can be used for web browser integrations; importing, exporting and synchronizing credentials; customizing the device; saving and retrieving files from the device; adding, deleting and modifying credentials; and updating the device firmware.

In terms of physical security, the Mooltipass Mini BLE has an aluminum case that is designed to prevent stealthy physical tampering — Stephan Electronics says it’s not possible to open the case without deforming it.

Stephan Electronics has launched a Kickstarter campaign to help fund the Mooltipass Mini BLE. With 26 days to go, the project has already raised over $80,000 of the $108,000 goal. Most of the money will be used to manufacture the devices, while the rest is needed for taxes and fees, and for shipping orders.

Mathieu Stephan, founder of Stephan Electronics, told SecurityWeek that they sold roughly 10,000 units of the previous Mooltipass devices. Stephan says they have not actively sought investment for the project outside of Kickstarter, as this method, in addition to helping raise funds, also helps “raise awareness.” He estimates that the device will cost $109.

In the future, the company plans on adding a one-time password (OTP) feature, along with password wallet service integration with Android and iOS to allow direct credential input on mobile devices.

It’s worth noting that since it’s open source, anyone can contribute to the project.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
