What

Password Orbit is a tiny, fast and secure computer program that saves all of your passwords in your computer. Password management screen looks like this:

Password Orbit v0.01 - Entries

This little program (only 114 kb) is very easy to use, simple tool for creating complex passwords and storing all your information protected by most modern and safest encryption and decryption algorithms.

Scroll down to download section the text to see download the program for free and start using right away!

Why

Problem

I’ve got a password for Facebook.

I’ve got the same password for my e-mail.

Wait! That’s not safe, I need different passwords for every website.

But wait! I have accounts in countless websites!

Sounds familiar?

According to Leo Notenboom’s article about password managers and ideal security  when not using a password manager, most people will compromise their security in some other way. Here are some of the reasons Notenboom touches :

  • They’ll choose a less secure password that’s easy for them to remember (not complex)
  • They’ll use the same password at multiple sites (not unique)
  • They’ll save the password on their computer using some other, less secure technology, or even write the password on a sticky note kept close to the computer (not memorable)
  • Any one of those decreases your security significantly.

It’s good to use password managers. But how about the big problems with existing password managers? Andreas J. Wicker in his article “Why Password Managers Are Not Safe”  presents solid arguments about why both commercial an open source passwords managers are far away from being safe:

Commercial managers:

  • You can bet that the NSA has built backdoors into it.
  • And there is a secret law that forbids that the company talks about the backdoors.
  • Other secret services are very much trying to find out the backdoors or to put spies into the company to be able to introduce their own backdoors.

Open source managers:

  • The NSA has built backdoors into it.
  • Other secret services have built backdoors into it.
  • Some bright phisher has built backdoors into it.
  • With many eyes, all bugs are shallow, you say. Heartbleed I say. Oh, and Shellshock, of course.

Not only that the popular managers are probably working with governments, but also they might be selling your information to advertising agencies. In the other hand even open source managers can’t be a safe option because it’s easy to find backdoors, or/and add them.

A recent study by Zhiwei Li, Warren He, Devdatta Akhawe und Dawn Song  from the University reveals that in four out of the five password managers they studied, an attacker can learn a user’s credentials for arbitrary websites.

So, how can I even set up strong and unique passwords for every platform in a safe platform and remember them?

Solution

I code my own password organizer, with a system that I build line by line after many researches, with a system that has no connection with internet (so that credentials cannot be leaked) and with a structure that uses the most recent and powerful encryption methods salted and spiced by my final touch.

How safe

It’s so safe that even the programmer (myself) or anyone who can somehow access the codes cannot sneak into your account without having your database, master key, and key file.

Password Orbit v0.01 - Main Menu

Database file is where you store all of your information. It uses AES-256 as to work with database file.

The Advanced Encryption Standard or AES is a symmetric block cipher used by the U.S. government to protect classified information  and is implemented in software and hardware throughout the world to encrypt sensitive data.

Key file is unique for your password. You need both your password and key file to see your database. Password Orbit uses different modern and secure hashing (SHA26, SHA512) algorithms and then mixes & encrypts the hashes in ASCII encrypted with its own algorithm. For example, a key file for password 123456 look just like this:

Password Orbit v0.01 - Key File

Password is your master key to log in to the system. Password Orbit uses a smart strength estimation algorithm to tell you how safe your password is. It has even a easy password generation tool where you don’t worry about creating strong passwords:

Password Orbit v0.01 - Password Generator

Costs

It is 100% free.

But you can help me to improve it!

Feedback‘s are the most important thing for the development of the project. This is very early version, so feel free to contact me about what you think/feel about the program: what you don’t like, what you think should be improved. It can be about anything. Every kind of feedback is important for me as the program is in its pre-alpha stage.

Download

No installation required! Extracting the files from compressed zip & start using it. You’ll be amazed by how easy to use this kind of strong security system.

It’s important to keep your program updated as the security improvements are my best priority for developing this program. Importing/exporting databases won’t be any problem, because it’ll be backwards-compatible, so keep your program updated!

Details

  • Security
    • Encryption
      • Based on 256 bit AES algorithm with RijndaelManaged class.
    • Key file generation
      • The key file is simply ASCII presentation of password hashed by different algorithms.
    • Safe randoms
      • A thread, time-safe cryptological randomizing algorithm class is being used for all random generated things. So all randoms are safe in the program.
    • Captcha
      • Captcha is implemented due to blocking brute force attacks, even though it’s very boring.
      • Graphical captcha
        • Five layered captcha with random colors, uses randomized background patterns, squares, background letters, lines and dots.
      • Audio captcha
        • Captcha reader reads the captcha while there are some random letters being spoken in background.
  • Password
    • Password generation
      • Password generator can generate very strong passwords. It can be customized by choosing the amount of different types of characters in password, or decide between if the same characters will be used (repetitive chars) or all characters in password should be unique. It’s very easy to do by just playing with the sliders.
    • Password strength estimation
      • Password strength estimation rates a password. It counts factors like repetitive chars, entropy, patterns, usage of different types of characters.
  • GUI
    • Simple UI for password management.
      • You can add/delete/view/edit/search entry from right click menu, toolbox or top menu.
    • Change tracking
      • The title of the window changes, and the user is asked if changes are not saved.
    • Config file support
      • Some variables (like image paths, checkbox values. recent used paths) are saved in a config file and being read from it.
  • Database
    • Export
      • Ability to export database as TXT file.
    • Encryption
      • Database is not only encrypted with key file and password, but also formatted by key file (all separators for entries for example are some characters from key file).