TwoKey is a password manager which relies on a USB physical access token as the second factor of authentication.

TwoKey has 4 modules:

• The Desktop App (C/C++ and Qt)
• The Server Backend (Python, Flask, MongoDB)
• The Browser Extension (JS, Chrome, Firefox)
• The Hardware Token (AVR)

The following is the general architecture of the project:

Probably not, this is a PoC graduation project implemented in less than 4 months. While it is tested well enough to pass (academically), it 100% isn't ready to be used in production or in a real environment.

Documentation and Presentation:

• Documentation (PDF)
• Documentation (on Google Docs)
• Presentation (on Google Slides)

Credits and Resources:

• Web server inside the desktop app: rxi/sandbird
• AES Encryption on the AVRs: DavyLandman/AESLib
• Libraries for USB Detection on Linux: libusb and libudev
• A blog post on Password Manager hacking which inspired this project: ise.io/casestudies/password-manager-hacking
• CASMM by Daniel Miessler
• How secure is my password?
• Have I been pwned?

This project was implemented as a graduation project under the supervision of Dr. Karim Emara and TA/Abdulrahman Ali.