Gonna try this out hopefully it works well. Very excited for this app :good: Great job.
Hello! We're looking for people to help us translating Twik to some additional languages. Twik already supports English and Spanish, but we'd like to support much more languages. If you want to collaborate, that would be awesome!
Thank you very much!
Hi,
I can help with French translation if needed (I'm not French though, in case some French guy wants to take the job instead)
Thank you very much for the reply, and for the information [emoji2] I've actually been thinking about your program ever since I asked my question originally, and the concept, execution, etc. really has my attention. I understand that your program works differently than lastpass, and actually that's a great thing, bc if it can be done in a more secure manner I'm all for it ?It's totally different from LastPass. LastPass stores all your passwords, so if their servers are compromised, then the attacker gets all the passwords of a lot of people. Although those passwords are stored encrypted, I personally don't trust it. It seems to me that storing all your passwords in a cloud service is not the most secure choice, so I looked for something different.
With Twik you also have all your passwords on hand, but not because they're stored anywhere, they're generated everytime you need it, by typing your master key. It generates a different and strong password for each website. You need your facebook password? Twik generates it, it is not stored in the phone or the cloud. And don't forget, Twik is open source, you can take a look at the source code.
Furthermore, there is also a Chrome extension for the desktop called Password Hasher Plus that you can use to generate the exact same passwords that you generate using Twik, because both are compatible. You just have to make sure you set the same private key in Twik and Password Hasher Plus. The Chrome extension is very useful when you are on your PC because you just have to type you master key in the login form of a website and it automatically replaces your master key with the website password before sending the data.
1) I see in your description that twix creates a completely random password each time a person visits a site, so does that literally mean, "everytime I come to xda twit is going to create a new diffrent password for the site, bc I'm not sure how that would work with the site if your credentials are always changing??
2) Even though lastpass is a pain, there is the comfort that it won't be going anywhere for a while. So, my question to you is, if I take the time to switch everything over how do I know the app is going to be fully supported for the long run, bc if I then have to switch again I'm not sure the effort would be worth it??
3) This also goes for the chrome extention, that I'm assuming you don't personally own, and maintain. So, what assurances are there that-that particular plugin won't disappear in 6 months, leaving only the mobile app??
4) I know you do not currently have a pc bases app that partners, and syncs with the mobile app, but do you plan on making that happen, and will it be an app, or, just browser extensions, (and what is the approx timeline??
5) The thing is I myself do not completely trust the cloud, and a lot of it's mechanics make me uneasy, so I take the cloud with a pinch of salt.
The thing is I pay someone regardless for this service, so my only concern is that the program gets it right, and does it exceptionally. So, if I pay company a, or, b, or yourself for the service, I just need to know I'm paying for the best program.
+1 good work, +1 open source
I have not analyzed it and i think a normal user also would not do it, so here is a question:
For what do you need a network connection?
Please write your answer not only here but also in the description in the stores (at least f-droid ), many people like me are paranoid....
EDIT: translated it to german, see result at https://github.com/gustavomondron/twik/issues/2
Thank you very much for your comments and, of course, for the translation to German too, we'll add it to the next release You can be sure that your name will be included in the acknowledgments
P.D. I almost forgot! I know it's a bit long but... would it be possible to get the Twik description in Play Store also translated to German? It's not urgent, anyway
Twik ist ein einfacher Passwort-Generator und Manager für Android. Und dass, ohne die Passwörter zu speichern!
Sich die Unmengen Passwörtern für alle möglichen Dienste zu errinern, ist schwierig, vor allem mit den Anforderungen an die Passwörter. Jedes Passwort soll einzigartig sein und doch einfach zu merken. Das ist nicht nicht einfach. Man könnte die Passwörter einem Dienst anvertrauen und sie dann jedem Gerät zur Verfügung stellen. Mit einem Blick auf Sicherheit ist das ein absolutes No-Go. Würde der Dienst gehackt, wären alle Passwörter unsicher!
Twik arbeitet auf eine andere Weise. Twik erstellt einen privaten Schlüssel, der auf dem Gerät gespeichert wird. Zusammen mit einem Master-Passwort, das Du dir merken musst, kann jetzt für jede Webseite oder jeden Dienst ein induviduelles Passwort generiert werden. Nur die Kombination des privaten Schlüssels, des Master-Passwort und der Webseite oder dem Dienst ermöglicht es, das Passwort zu berechnen. Damit wären, selbst wenn ein Dienst gehackt würde, Deine restlichen Passwörter sicher. Twik integriert sich auch in den mobilen Web-Browser mit der Teilen-Funktion, damit auch beim Einsatz unterwegs alles schnell geht.
Für den Rechner gibt es auch ein Addon für Chrome im Chrome Web Store. Du kannst den gleichen privaten Schlüssel auf deinem Rechner benutzen, um so die gleichen Passwörter (natürlich nur mit dem gleichen Master-Passwort) zu generieren, solltest Du dein Smartphone nicht zur Hand haben.
Weitere Features:
- Beliebig viele Profile, jedes mit eigenem privatem Schlüssel
- Webseiten-Icons zum schnelleren Identifizieren
- Identicons zum überprüfen, ob du dein Master-Passwort richtig eingegeben hast, ohne es im Klartext zu sehen
- Teilen-Funktion für Browser um schnell an den Passwort-Generator zu kommen
- Anpassbare Sicherheit für jedes Passwort
- Automatisches Kopieren des Passwortes in die Zwischenablage
Twik ist Open-Source (GPLv3), die Quellen gibt es bei GitHub: https://github.com/gustavomondron/twik
Berechtigungen: Die Internet-Berechtigung wird nur dazu verwendet, Webseiten-Icons herunterzuladen. Es werden keine Daten gesendet.
Thanks.
It's not translated directly. But i think it's better to read.
Please release the text together with the new version, not before (else you may get bad votes at the Play Store).
I don't know how the f-droid store works, but if possible, please add also there the german description.
@gustavomondron thank you very much for the app. I tried to use password managers many times before but could not get used to them, but twik makes everything different
I just wanted to ask you how to get the favicon to show? Is there any special way? For example, I tried to type the website as google, google.com, www.google.com but every time there was no favicon only the first letter.
Thank you. I never thought if doing that. Now I have favicons showingHello, I'm really glad you find Twik useful! :good:
Regarding the favicon, to get the favicon you just have to share the webpage you're generating the password for with Twik from your favourite browser.
I
- A "tag" of the website, typically the domain (for instance, "facebook", "google", "ebay", etc.)
- The private key, stored in your device.
- Your master key, that only you know, and is not stored anywhere.
This is a mathematical process and, therefore, the same password is generated each time for the same website. This process is not reversible, so it's impossible to guess your private key or your master key in the case that the password of a website in particular is compromised.
So, at first glance, I love, Love, LOVE the idea of this app. I'm a LastPass user, and would consider jumping ship to this. I have almost 200 passwords set in my LastPass account, and it would be pure hell to change them all to follow your algorithm... but it would be worth the effort.
BUT.
What happens when I get that dreaded email from Facebook telling me that my account has been compromised? There is no way for me to change JUST my facebook password. I'd need to change my master password, which would force me to change ALL of my passwords, because the hash would change.
Do I understand that correctly? If so... thats a dealbreaker.
See this post from the OP before. No, you would just change the tag.
I'm considering using Twik on both my Android phone and on desktop Chrome. The problem with Chrome is that I can't see the password that's generated, unlike on Android where I can see the password. My concern is that I want to be sure that both platforms are generating the same password. (I wouldn't be asking this question if I could actually see the Chrome password when generated!)
Please tell me if I understand Twik correctly for use across phone and desktop. If I 1) use same master key, 2) use same private key, and 3) use same website tag, the password generated at Chrome (the password I'm unable to see) will be the same password that I'm able to see with the Android app. Right? Or wrong?
Thanks.
As much as I like it, I just see too many barriers caused by "forced" password changes.
Today I had a website change their security policy, and they asked me to change my password. Lets say the original password was generated with a tag of "ESPN". Theoretically, I could just make it "ESPN2"... but with 200 passwords to manage, I'll never keep track of which sites are 2, 3, 4, etc. It just seems like a maintenance nightmare.
Thanks for a great idea... I just think it has some shortcomings that folks will discover in the long run.
1) I see in your description that twix creates a completely random password each time a person visits a site, so does that literally mean, "everytime I come to xda twit is going to create a new diffrent password for the site, bc I'm not sure how that would work with the site if your credentials are always changing??
2) Even though lastpass is a pain, there is the comfort that it won't be going anywhere for a while. So, my question to you is, if I take the time to switch everything over how do I know the app is going to be fully supported for the long run, bc if I then have to switch again I'm not sure the effort would be worth it??
3) This also goes for the chrome extention, that I'm assuming you don't personally own, and maintain. So, what assurances are there that-that particular plugin won't disappear in 6 months, leaving only the mobile app??
4) I know you do not currently have a pc bases app that partners, and syncs with the mobile app, but do you plan on making that happen, and will it be an app, or, just browser extensions, (and what is the approx timeline??
5) The thing is I myself do not completely trust the cloud, and a lot of it's mechanics make me uneasy, so I take the cloud with a pinch of salt.
The thing is I pay someone regardless for this service, so my only concern is that the program gets it right, and does it exceptionally. So, if I pay company a, or, b, or yourself for the service, I just need to know I'm paying for the best program.
I'd like to make another case for visibility of Twik passwords on the desktop. In two instances today, a window opened where I was asked to provide a password, but the Twik icon didn't appear. My phone is not with me, so I'm unable to log on to those two accounts. I simply don't know the password. If I could see my password from chrome, I could copy/paste or enter them manually. For now, I have to wait till I have my phone.
For the record, window 1 was the desktop sign-in for google photos sync and the other was a bank sign-in through Mint.
Hi,
seems to be use full.
But without a PC program generating the same passwords and a solution to sync the generated pwds between Android and PC I will not try your app.