The Mooltipass is designed to be as simple as possible to use for users of all backgrounds and ages.
As shown in our video, it is extremely simple to use the Mooltipass:
The Mooltipass emulates a standard USB keyboard, and can therefore type your passwords for you on Windows, Linux, Mac and even most Apple and Android devices (through the USB On-The-Go port). It doesn't need any special drivers to function.
Integration with websites is done via a Google Chrome plugin and we are working to implement plugins for other major browsers. Several tools have also been developed by the Mooltipass community. While all password recall functionality is done through the Mooltipass device, credential management is done through a dedicated application.
The Mooltipass has an internal flash in which the user encrypted credentials are stored, while a PIN-locked smartcard contains the AES-256bits key required for their decryption. Like any chip and pin card, 3 false tries will permanently disable the Mooltipass card. Credentials are sent over HID, any password accessing operation needs to be physically approved by the user on our touch interface.
The Mooltipass offers the following advantages over software-based solutions:
Our team believes that great security can only be achieved through complete transparency. That's why we have been publishing everything that goes into making the Mooltipass on our GitHub repository from the project's start.
Just like Linux-based operating systems, open source allows our product to benefit from many engineers' expertise. This results in better code quality, more trust from our final users and verified security implementation.
We publish everything we do to provide you with the best security device.
Since the project's start we have received many questions about our project :
Is your solution better than a piece of paper?
If I only need to remember a PIN code, does it mean the Mooltipass is not safe?
Why do I need different passwords for different websites?
Why not make the device very tiny?
Why do you need an OLED screen?
Why are you using both a smart card and a main Mooltipass device?
What if I lose my smartcard?
Can a smartcard be used with multiple Mooltipass devices?
What if I lose my Mooltipass device?
Are you sure about your encryption implementation?
Can I use it on Windows/Linux/Mac?
Can I use on my computer/laptop/phone/tablet...?
How secure is the Mooltipass?
Are you planning to make a wireless version?
Where do you source your components?
How are the credentials sent to the computer?
Is it still possible to sniff the passwords sent over HID?
If I can export my encrypted credentials, does this mean someone could crack them?
If it is open source, does it mean it is less secure?
Can I use my bank card / ID card / access card with the Mooltipass?
Can all Arduino shields be used with the Mooltipass?