All your credentials are safely stored in a secure device, which doesn't rely on your computer security.
The Mooltipass will prompt you for confirmation whenever you need to login on any website.
The Mooltipass can be used with any USB enabled device, for any application. Simply select the credential you need sent on the Mooltipass screen.
A secure smartcard is used to decrypt all your credentials. 3 erroneous tries will permanently lock it.
Multiple users can share one Mooltipass. Their encrypted database can safely be exported on the cloud or on their computer.
Open source allows our product to benefit from many engineers' expertise. This results in a verified security implementation.
The Mooltipass is designed to be as simple as possible to use for users of all backgrounds and ages:
The Mooltipass emulates a standard USB keyboard, and can therefore type your passwords for you on Windows, Linux, Mac and even most Apple and Android devices (through the USB On-The-Go port). It doesn't need any special drivers to function.
Integration with websites is done via our Google Chrome, Firefox and Safari plugins. We also provide you with an easy-to-use application to manage, import and export your credentials stored inside the Mooltipass.
The Mooltipass has an internal flash in which the user encrypted credentials are stored, while a PIN-locked smartcard contains the AES-256bits key required for their decryption. Like any chip and pin card, 3 false tries will permanently disable the Mooltipass card. Credentials are sent over HID, any password accessing operation needs to be physically approved by the user on the device.
The Mooltipass offers the following advantages over software-based solutions:
Our team believes that great security can only be achieved through complete transparency. That's why we have been publishing everything that goes into making the Mooltipass on our GitHub repository from the project's start.
Just like Linux-based operating systems, open source allows our product to benefit from many engineers' expertise. This results in better code quality, more trust from our final users and verified security implementation.
We publish everything we do to provide you with the best security device.
Since the project's start we have received many questions about our project :
Device Security - If it is open source, does it mean it is less secure?
Device Security - Are you sure about your encryption implementation?
Device Security - How secure is the Mooltipass, really?
Security - If I can export my encrypted credentials, does this mean someone could crack them?
Security - If I only need to remember a PIN code, does it mean the Mooltipass is not safe?
Security Practices - Why do I need different passwords for different websites?
Security Practices - Is your solution better than a piece of paper?
Device Use - Can a smartcard be used with multiple Mooltipass devices?
Device Use - Can it be used with an android phone?
Device Use - Can it be used with an iPhone?
Device Design - Why are you using both a smart card and a main Mooltipass device?
Device Design - How are the credentials sent to the computer?
Device Design - Where do you source your components?
Device Design - What if I lose my Mooltipass device?
Device Design - Why do you need an OLED screen?
Device Design - What if I lose my smartcard?