A totally new kind of password management
April 10, 2015 — Santa Cruz, CA
passQi+ for iPhone Automates Password and Two Step Verification Login
passQi+ was released in the Apple iPhone App Store today, introducing a new tool for website user account management that stores both passwords and “authenticator” style two-step verification tokens in the user’s phone, enabling automation of website login on laptop and desktop browsers. The passQi+ solution can securely relay this information wirelessly from the user’s phone to the target browser. A lightweight bookmark install enables anonymous “secure bridging” between the two devices. The bookmark is compatible with modern browsers on OS X, Windows, and Linux systems.
Numerous sites such as Google, Evernote, Dropbox, and Salesforce have adopted two-step verification (often in response to being hacked, as in the recent slack.com breach). Additionally, security experts consistently recommend that users protect their accounts with both a password manager and two-factor authentication – but the fact remains that current two-step verification solutions make logging on to a website even more inconvenient, requiring the user to manually enter a code from a single-purpose authenticator app. passQi+ enhances both convenience and security by orchestrating both of these account login actions in a single solution.
Rather than store passwords and two-step tokens in the desktop, cloud, or synchronized across multiple devices, passQi+ securely stores a user’s account information only in the phone. Once a user scans a QR code to initialize a bridged session, passwords stored in the passQi+ vault are encrypted for relay to the user’s browser with a one-time AES (Advanced Encryption Standard) key that is known only to the browser and the phone.
Once bridged, clicking the bookmark will trigger a notification on the phone; the user can then approve login without re-launching the app. Using passQi’s “secure bridging” technology, the username, password, and two-step verification code (if the site uses one) are encrypted and wirelessly relayed to the user’s desktop browser and injected into the login page.
By transmitting keys “out of band” from the network using the QR code, the user’s password data is completely opaque to potential listeners on the network.
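The bridging flow described above, sketched as an added example in Node.js; it is not passQi code. The release names only "AES", so the mode (AES-256-GCM), the 12-byte nonce, the QR text layout, and all function and field names here are assumptions made for illustration.

```javascript
// Added illustration, not passQi's implementation. Assumed: AES-256-GCM,
// a fresh 12-byte nonce per message, QR text of the form "<sessionId>.<base64 key>".
const nodeCrypto = require('crypto');

// Browser side: create the one-time key and the text rendered as a QR code.
function newBridgeSession() {
  const key = nodeCrypto.randomBytes(32);
  const sessionId = nodeCrypto.randomBytes(8).toString('hex'); // hypothetical relay channel id
  return { key, sessionId, qrText: `${sessionId}.${key.toString('base64')}` };
}

// Phone side: recover the key from the scanned QR text. The key travels
// screen-to-camera only, so the relay service never handles it.
function parseQr(qrText) {
  const [sessionId, b64] = qrText.split('.');
  return { sessionId, key: Buffer.from(b64, 'base64') };
}

// Phone side: encrypt the login data for relay. The session id is bound in as
// associated data so a payload cannot be replayed into another session.
function seal(key, sessionId, credentials) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(sessionId));
  const ct = Buffer.concat([cipher.update(JSON.stringify(credentials), 'utf8'), cipher.final()]);
  return {
    sessionId,
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Browser side: decrypt what the relay delivered. final() throws if the relay
// (or anyone on the path) altered the ciphertext, nonce, tag, or session id.
function open(key, msg) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(msg.iv, 'base64'));
  decipher.setAAD(Buffer.from(msg.sessionId));
  decipher.setAuthTag(Buffer.from(msg.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(msg.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}
```

The object returned by `seal` is everything a relay would see in this sketch: a session id, a nonce, ciphertext, and an authentication tag.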
The password management function of passQi+ lets users maintain complex passwords without forgetting them or writing them down, and without storing them on the desktop or in the cloud or synchronizing them across multiple devices as conventional password managers do. This minimizes the surface area of vulnerability, as there is no centralized target repository of user passwords.
The passQi cloud services are simple conduits for encrypted data payloads relayed between a user’s phone and their browser, when and as needed. The phone becomes the sole authority for the user’s identity.
“The problem isn’t passwords,” says passQi founder and CEO, David Eyes, “but more in how they are used. Everyone knows they should use complex passwords and two-factor, but it’s a nuisance – the human brain doesn’t work that way. And the time for trusting a ‘big brother in the sky’ type of password solution, with over-reliance on the internet security infrastructure – that should be long gone. passQi+ makes it possible.”
passQi+ includes free back-up capabilities and the ability to perform remote deletion of the phone’s password vault if the user loses their phone.
The company is simultaneously issuing a new release of its free passQi product, which includes all of the features of the passQi+ solution except the ability to scan, store, and relay two-step verification tokens. Pricing for passQi+ is $6.99 in the App Store.
passQi+ represents a significant step forward in solving the user’s account security needs.
View an introductory video clip at: https://www.passqi.com/passqi-introduction/
Free in iTunes: https://itunes.apple.com/us/app/passqi+/id938989479