About the project
A Password Manager that takes personal security to a higher level.
Online security, and information security in general, is becoming increasingly important as technology quickly evolves and grows into every aspect of our lives.
As a lot of services and tools move to the cloud, people spend more and more time on the Internet, which is as open to honest users as it is to people with bad intentions.
We all know the most common and most widespread protection against unwanted access to your online activity: locking an account with a combination of username & password known to you and only you. But this approach has at least two important issues:
- How to choose a strong password for each service I'm using?
- How to remember so many unique and strong passwords?
Everyone has their own solution to the problem, and of course there are common solutions shared by the majority of people and well known to hackers! This is why so many passwords are being broken all the time...
Nevertheless, there is one common solution that is secure enough to be used by everyone - use a trusted Password Manager (Google says)!
This is what we did at Limitlesslane: we've built a brand new Password Manager that lives in the cloud, always there remembering your passwords and keeping them known to you and only you.
Not even Limitlesslane knows your passwords.
A scalable and reliable setup:
- All the data is stored in the cloud in an encrypted form (using AES-256).
- The encryption key is never stored.
- Application and Data live on different servers.
- Minimum setup - if something is not used, it is removed from the Application server.
- Software is always up to date.
The server-side framework is a custom-built MVC, designed with speed and security in mind. The Application speaks for itself.
HSTS ensures HTTPS is always used for communication between server and client.
By dropping SSL support in favour of TLS, we dropped support for some clients (like IE6 on XP) to ensure the best security, yet we still support all major browsers on desktop and mobile devices, with Forward Secrecy always enabled.
Client-side development
Simple and fast design
The Web Application of Limitlesslane is designed to give you instant access to your passwords from any device connected to the Internet. All you need is just a browser - no need to install anything else.
One codebase for all major platforms:
The Limitlesslane Browser Extension helps you save time and bypass keyloggers by automatically logging you in to any website and saving your new logins.
It also has a Password Generator, which combines entropy gathered from both server and client to generate unique strong passwords with a non-deterministic algorithm.
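One way a generator can combine server and client entropy, as an added example that is not Limitlesslane's own code. The function names, the alphabet, the HMAC-SHA-256 mixing step and the use of Node's `crypto` module (so the block runs stand-alone) are all assumptions; the page does not describe the actual construction.

```javascript
// Added example, not Limitlesslane's code: names and the HMAC construction are assumptions.
const nodeCrypto = require('crypto');

const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&*+-=?@^_';

// Mix both contributions with HMAC-SHA-256 (server bytes as key, client bytes
// as message), so knowing only one of the two inputs does not reveal the seed.
function mixEntropy(serverEntropy, clientEntropy) {
  if (serverEntropy.length < 16 || clientEntropy.length < 16) {
    throw new RangeError('each side must contribute at least 16 bytes');
  }
  return nodeCrypto.createHmac('sha256', serverEntropy).update(clientEntropy).digest();
}

// Expand the seed into a byte stream (HMAC over a counter) and map bytes to
// characters with rejection sampling, so modulo bias favours no character.
function passwordFromSeed(seed, length, alphabet = ALPHABET) {
  if (alphabet.length < 2 || alphabet.length > 256) throw new RangeError('bad alphabet');
  const limit = 256 - (256 % alphabet.length); // bytes >= limit are discarded
  let out = '';
  for (let counter = 0; out.length < length; counter++) {
    const ctr = Buffer.alloc(4);
    ctr.writeUInt32BE(counter);
    const block = nodeCrypto.createHmac('sha256', seed).update(ctr).digest();
    for (const byte of block) {
      if (byte < limit && out.length < length) out += alphabet[byte % alphabet.length];
    }
  }
  return out;
}

// Client side: fresh local randomness makes every call produce a new password,
// even when the server's contribution is repeated.
function generatePassword(serverEntropy, length = 20) {
  const clientEntropy = nodeCrypto.randomBytes(32);
  return passwordFromSeed(mixEntropy(serverEntropy, clientEntropy), length);
}

// Constructed sample input standing in for bytes received from the server.
const sampleServerEntropy = Buffer.from('00112233445566778899aabbccddeeff', 'hex');
console.log(generatePassword(sampleServerEntropy));
```

In a browser extension the same steps would use the Web Crypto API (`crypto.getRandomValues` and `crypto.subtle`) instead of Node's module.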
The Extension code is designed in two layers:
1. Client interface - specific to each browser.
2. Implementation code.
This way the second and biggest part is exactly the same for all browsers (Chrome, Safari, Firefox, Opera), with the only varying part being the Client interface. As a result, we can focus on implementing new features rather than on covering Browser differences.
Building the auto-login and auto-save systems was a true challenge.
The extension has to work with websites of any type and form, to catch the login and signup form/fields/URL, detect the successful login event, correctly trigger the website's submit event, catch DOM element changes on the fly, etc.
All this involved creating an abstract, deep and yet seamless integration into the DOM of any website in the wild.