XDA Developers Android and Mobile Development Forum

[APP][4.0+] Twik - Password generator and manager

 
SystemErrorOne
#21
Recognized Contributor
Thanks Meter 319
Posts: 466
Join Date: Jun 2011
Location: Jacksonville
Gonna try this out, hopefully it works well. Very excited for this app. Great job.
Press Thanks If I Helped

 
kabracity
#22  
Senior Member
Thanks Meter 40
Posts: 103
Join Date: Apr 2011
Quote:
Originally Posted by gustavomondron View Post
Hello! We're looking for people to help us translate Twik into some additional languages. Twik already supports English and Spanish, but we'd like to support many more languages. If you want to collaborate, that would be awesome!

Thank you very much!
Hi,

I can help with French translation if needed (I'm not French though, in case some French guy wants to take the job instead)
 
kabracity
#23  
Senior Member
Thanks Meter 40
Posts: 103
Join Date: Apr 2011
Quote:
Originally Posted by kabracity View Post
Hi,

I can help with French translation if needed (I'm not French though, in case some French guy wants to take the job instead)
Hi,

I've pushed the files for the French translation to GitHub.

Cheers
 
paranoid365
(Last edited by paranoid365; 7th September 2014 at 07:17 PM.)
#24  
Senior Member
Thanks Meter 18
Posts: 290
Join Date: Jan 2011
Location: Alberta
Quote:
Originally Posted by gustavomondron View Post
It's totally different from LastPass. LastPass stores all your passwords, so if their servers are compromised, then the attacker gets all the passwords of a lot of people. Although those passwords are stored encrypted, I personally don't trust it. It seems to me that storing all your passwords in a cloud service is not the most secure choice, so I looked for something different.

With Twik you also have all your passwords on hand, but not because they're stored anywhere, they're generated every time you need them, by typing your master key. It generates a different and strong password for each website. You need your Facebook password? Twik generates it, it is not stored in the phone or the cloud. And don't forget, Twik is open source, you can take a look at the source code.

Furthermore, there is also a Chrome extension for the desktop called Password Hasher Plus that you can use to generate the exact same passwords that you generate using Twik, because both are compatible. You just have to make sure you set the same private key in Twik and Password Hasher Plus. The Chrome extension is very useful when you are on your PC because you just have to type your master key in the login form of a website and it automatically replaces your master key with the website password before sending the data.
Thank you very much for the reply, and for the information. I've actually been thinking about your program ever since I asked my question originally, and the concept, execution, etc. really has my attention. I understand that your program works differently than LastPass, and actually that's a great thing, bc if it can be done in a more secure manner I'm all for it 😀

Obviously, from my original question you can tell I currently use LastPass, but to be perfectly honest, LastPass itself is far from perfect. The LastPass idea is fine, and dandy, but it is a very heavy, clunky app. It slows my browser down extremely, (a lot of times crashing it), and the app seems to not be consistent as far as auto login, or hell even handling your vault of passwords period. I find I end up with saved sites, plus multiple generated passwords for said site, so I'm constantly having to clean up my vault, (which is a pain in its own right). Also their mobile app is atrocious, and doesn't even work 1/2 the time. The reason that gets on my nerves is, bc I'm paying for a product that is more hassle than it's worth, and ultimately that wastes time, and is counterproductive.

I do have a few more questions about Twik if you don't mind.

1) I see in your description that Twik creates a completely random password each time a person visits a site, so does that literally mean, "every time I come to XDA Twik is going to create a new different password for the site", bc I'm not sure how that would work with the site if your credentials are always changing??

2) Even though LastPass is a pain, there is the comfort that it won't be going anywhere for a while. So, my question to you is, if I take the time to switch everything over how do I know the app is going to be fully supported for the long run, bc if I then have to switch again I'm not sure the effort would be worth it??

3) This also goes for the Chrome extension, that I'm assuming you don't personally own, and maintain. So, what assurances are there that that particular plugin won't disappear in 6 months, leaving only the mobile app??

4) I know you do not currently have a PC-based app that partners, and syncs with the mobile app, but do you plan on making that happen, and will it be an app, or, just browser extensions, (and what is the approx timeline)??

5) The thing is I myself do not completely trust the cloud, and a lot of its mechanics make me uneasy, so I take the cloud with a pinch of salt.

The thing is I pay someone regardless for this service, so my only concern is that the program gets it right, and does it exceptionally. So, if I pay company a, or, b, or yourself for the service, I just need to know I'm paying for the best program.

@ the person who was leery of short insecure passwords, everyone gets your point, but I'm sure you can set it up in the settings so that it generates super long, super strong passwords. Also, to your other point even other software doesn't nag you constantly about a weak, or bad password, bc if it did most people would just stop using that app. Plus, an app can't "make" a person change their bad password ways, it can only offer pointers, and warnings in the hope the person changes their ways, (but ultimately if that person wants to continue to have bad password habits, there's not much the app can do). Very few people are going to use an app if it makes them do anything, (they don't want to do), or nags them constantly about anything. People change bad behaviours when "they" ultimately decide, and not when some piece of software nags them to the point of being an inconvenience, or takes some type of control, and makes a person use only "secure passwords". Not only would a software company do no such thing, but if they did, (just like my example above), the consumer ultimately controls their decisions, and a company like that would go out of business. It's just like the adage that is as old as time, "you can lead a horse to water, but you can't make it drink", and if you're silly enough to try you're probably just going to get a kick you won't soon forget.
 
gustavomondron
(Last edited by gustavomondron; 8th September 2014 at 07:29 PM.)
#25  
Junior Member - OP
Thanks Meter 24
Posts: 18
Join Date: Jun 2013
I'm glad to answer your questions! (very interesting questions, by the way)

Quote:
Originally Posted by paranoid365 View Post
1) I see in your description that Twik creates a completely random password each time a person visits a site, so does that literally mean, "every time I come to XDA Twik is going to create a new different password for the site", bc I'm not sure how that would work with the site if your credentials are always changing??
The point is that the passwords are not generated randomly. They are generated using an algorithm based on HMAC SHA1 (it's implemented in the PasswordHasher.java file), using as inputs the following:
  1. A "tag" of the website, typically the domain (for instance, "facebook", "google", "ebay", etc.)
  2. The private key, stored in your device.
  3. Your master key, that only you know, and is not stored anywhere.

This is a mathematical process and, therefore, the same password is generated each time for the same website. This process is not reversible, so it's impossible to guess your private key or your master key in the case that the password of a website in particular is compromised.

Quote:
Originally Posted by paranoid365 View Post
2) Even though LastPass is a pain, there is the comfort that it won't be going anywhere for a while. So, my question to you is, if I take the time to switch everything over how do I know the app is going to be fully supported for the long run, bc if I then have to switch again I'm not sure the effort would be worth it??
I would not be very worried about that. On the one hand, I use and need the app every day, so I'm the first one interested in keeping it working flawlessly. On the other hand, it's not only free but open source, so everybody is free to fork it, improve it, port it to different platforms, etc. in case I can't do it.

Quote:
Originally Posted by paranoid365 View Post
3) This also goes for the Chrome extension, that I'm assuming you don't personally own, and maintain. So, what assurances are there that that particular plugin won't disappear in 6 months, leaving only the mobile app??
You're right, I don't personally own the available Chrome extension (Password Hasher Plus). However, I also started to develop Twik for Google Chrome and I'll release it in a few days. It will support multiple profiles and will synchronize the options among your different Chrome installations.

Quote:
Originally Posted by paranoid365 View Post
4) I know you do not currently have a PC-based app that partners, and syncs with the mobile app, but do you plan on making that happen, and will it be an app, or, just browser extensions, (and what is the approx timeline)??
Given that we'll have our own Twik for Chrome extension, synchronizing the desktop and the Android app is a feature that can be introduced in the future. However, this kind of synchronization requires a web server working 24 hours a day, and this is not a minor issue (for instance, deploying it on the cloud of Google is not free if you exceed a quota).

In addition to the Chrome extension, I'd also like to develop (but I can't tell you when or whether it will actually happen) a desktop application, implemented as a Chrome application, which can be executed out of the browser just as any native application.

Quote:
Originally Posted by paranoid365 View Post
5) The thing is I myself do not completely trust the cloud, and a lot of its mechanics make me uneasy, so I take the cloud with a pinch of salt.

The thing is I pay someone regardless for this service, so my only concern is that the program gets it right, and does it exceptionally. So, if I pay company a, or, b, or yourself for the service, I just need to know I'm paying for the best program.
I understand your concern, but you won't have to pay if you use Twik, it's free and open source (GPLv3), you can build it yourself if you want. I didn't trust the cloud for my passwords, and that's why after looking for alternatives I found the mechanism used in Twik the most appropriate for my needs. I think it's worth trying it, especially taking into account that it's not a closed-source and paid service.
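The derivation described in post #25, as an added sketch that is not part of the thread: it is not Twik's code and not the algorithm in PasswordHasher.java, so it will not reproduce Twik's passwords. The two-stage HMAC order, the tag normalisation, the symbol set and the character-class step are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import string

# Character classes forced into every password (the symbol set is an assumption).
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!#$%&*+-=?@")


def _hmac_sha1(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha1).digest()


def derive_site_password(tag, private_key, master_key, length=16):
    """Derive a site password from the three inputs; nothing is stored."""
    tag = (tag or "").strip().lower()  # assumed normalisation of the tag
    if not (tag and private_key and master_key):
        raise ValueError("tag, private key and master key are all required")
    if not 4 <= length <= 26:
        raise ValueError("length must be between 4 and 26")
    # Stage 1 (assumed order): bind the tag to the device's private key.
    site_key = _hmac_sha1(private_key.encode(), tag.encode())
    # Stage 2: mix in the master key, which is typed each time and never saved.
    digest = _hmac_sha1(site_key, master_key.encode())
    # 20 digest bytes give 27 base64 characters before padding.
    chars = list(base64.b64encode(digest).decode("ascii")[:length])
    # Overwrite four distinct, digest-chosen positions so every class appears.
    seed = int.from_bytes(digest, "big")
    for i, charset in enumerate(CLASSES):
        chars[(seed + i) % length] = charset[(seed >> (8 * i)) % len(charset)]
    return "".join(chars)


def demo():
    # Constructed sample inputs, not real credentials.
    private_key = "constructed-device-private-key"
    master_key = "constructed master key"
    return {tag: derive_site_password(tag, private_key, master_key)
            for tag in ("facebook", "google", "ebay")}


if __name__ == "__main__":
    for tag, password in demo().items():
        print(f"{tag:10} {password}")
```

Changing any one of the three inputs changes every derived password, which is why both apps have to be set to the same private key. A single HMAC-SHA1 is cheap to compute, so the protection of the other sites' passwords rests on the master key and private key being hard to guess.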
 
gustavomondron
#26  
Junior Member - OP
Thanks Meter 24
Posts: 18
Join Date: Jun 2013
Hello! We've just released the Twik for Chrome extension for your desktop browser. You can get it now on the Chrome Web Store. Of course, it's also open source (the source code is available at GitHub).

It is 100% compatible with Twik for Android and it also supports multiple profiles. One of my favorite features is that all your profiles and password settings are synchronized among your Chrome installations, so you have to set up Twik only once.

More information is available on the Twik website, and I'll be happy to answer all your questions here.

Looking forward to your feedback!
 
murderered
(Last edited by murderered; Today at 12:46 PM.) Reason: No answer, no double-posting
#27  
Junior Member
Thanks Meter 4
Posts: 14
Join Date: Jun 2013
Location: DE-TH
+1 good work, +1 open source

I have not analyzed it and I think a normal user also would not do it, so here is a question:
For what do you need a network connection?
Please write your answer not only here but also in the description in the stores (at least F-Droid), many people like me are paranoid....

EDIT: translated it to German, see result at https://github.com/gustavomondron/twik/issues/2
 
gustavomondron
(Last edited by gustavomondron; Today at 04:45 PM.)
#28  
Junior Member - OP
Thanks Meter 24
Posts: 18
Join Date: Jun 2013
That's a good question.

As you know, Twik is a password manager in addition to a password generator. We really wanted to provide a UI that allows you to get the password you want as fast as possible. Showing not only the name of the website but also its favicon makes it easier to find it faster and also makes the UI more visual. In order to download the favicon, the Internet permission is necessary. That's the only point in the application that uses the Internet connection. It's in the FaviconLoader.java file, if you want to take a look.

I'm updating the Play Store description to justify the need for this permission, you got a point there.

Thank you very much for your comments and, of course, for the translation to German too, we'll add it to the next release. You can be sure that your name will be included in the acknowledgments.

P.S. I almost forgot! I know it's a bit long but... would it be possible to get the Twik description in Play Store also translated to German? It's not urgent, anyway.

Quote:
Originally Posted by murderered View Post
+1 good work, +1 open source

I have not analyzed it and I think a normal user also would not do it, so here is a question:
For what do you need a network connection?
Please write your answer not only here but also in the description in the stores (at least F-Droid), many people like me are paranoid....

EDIT: translated it to German, see result at https://github.com/gustavomondron/twik/issues/2
