This version is 100% free. Scroll down to Download section to download and start using.

Welcome to the second development blog of Password Orbit. This is how the second version of Password Orbit Alpha v0.2 looks like:

Password Orbit v0.02 main menu

In this post I’ll talk about some of the new features in three categories:

  • Security
  • Database
  • UI

Security - More secure against background stalking

Despite the fact that this is an very early alpha version and you may encounter bugs, its memory protecting system is already at the highest security possible.

Session Encryption

This is the first layer of the protection of communication in program. All of the variables that carry sensitive information are encrypted by a a special key that’s created and varies for each unique session.

SafeTextbox

It is simply a textbox that holds sensitive information. it has a secure clipboard management and restricted all kind of commands open to abuse. There also some GUI improvements and cool features like caps lock alert, special insert cursor.. in these textboxes.

Microsoft textboxes obey to the some external commands, which makes it very easy for another application or a hacker to see and save what’s inside the textbox. In Password Orbit, texboxes stores all information encrypted in SafeString’s (see: next paragraph) as long as it doesn’t reveal to user (in this case, password will be revealed in the memory anyway).

SafeString and SafeByte

In almost every single program/application, your information is stored in variables called “strings” or “bytes”, and all of those variables can be monitored easily if someone has a control of your computer while you’re using the program. In this version all of the sensitive informations, including your credentials and (obfuscated) constant application variables, are stored in SafeString and SafeByte classes that uses the recent security memory management technologies and encrypts the data they’re holding.

Encrypted information gets decrypted in order to show data to the user. This practice makes my method not bulletproof. But it is a strong way to decrease the time window in which someone can inspect your memory and successfully get the sensitive data.

Database - You can save more data

The database in v0.01 was a plain encrypted text file, now the Password Orbit uses SQL database (SQLite) with three layered protection: database password, encryption for database data, and another encryption for sensitive information (username and password). All passwords/encryption keys are unique for each user and created from users password/key file.

Icons for every entry

You can now save icons for entries to database. Password Orbit will find the favicon of the related website for you, or you add your own custom icon. They’ll be included in database, so you don’t worry about keeping the image.

Attach your private files

You can now attach files to your entry. There is no format limitation so it can be a QR-code, text file, picture of a bank card, or just a selfie of yourself surfing in Ibiza, whatever you want. Your attached file will be saved in encrypted form as all other information in database.

Smart time management

In this newer version, you’ll see that password Orbit saves some timestamps for your entries. Time values are saved precisely with milliseconds as UTC, and the way they’ll show up to user is customizable in config file.

UI Improvements - Easy, modern, customizable

I’ve moved from Windows Forms to WPF with MVMM design pattern. I really liked the pattern and learning process even though it required me to rewrite almost all of the code. WPF looks good, MVMM pattern fastens the test and coding process, and makes project easier to port to other platforms like web or mobile platforms.

Docking System

Password Orbit works with customizable docks now. It has a tab bar like web browsers where entries are showed, and different tools to work with entries. The layout is very similiar to Visual Studio where you can change the GUI by dragging and dropping docks. You can even drag items out of the main window (for example a document on to a second monitor) and keep working with floating items. Your layout, including opened documents, and your windows state (position, if it’s full screen) are saved (in config file) after you exit from the program and loads after you open your password orbit database.

Smarter captcha requirement

Entering captcha’s is an annoying task for the users. That’s why Password Orbit won’t ask you to enter captcha in the first place anymore. It is only asked after one fail login try, and it doesn’t require captcha validation before the next fail. It is strong against bots and it will require captcha even if you try to reset the state by restarting the program, or even reinstalling it. This way it’ll affectively protect your data against brute force attacks.

Download

Download (Windows), mirror 

SHA256: BA579A0522BD5388020659B111C1F85764E73986E4C2AC9D1DDE61D822E9E782

I would appreciate any feedback to improve it. Feel free to contact me about what you feel about the program, ideas, advices, and bug reports.

Changelog

Security

  • [CHANGED] All the text-based communications within the program are encrypted with a different/random key for every unique session.
  • [ADDED] SafeStrings : All of the sensitive information used in programs communication are stored in “SafeStrings” that encrypts them with a random key created for every session, also combines this protection with Microsoft’s recent security memory management classes.
  • [ADDED] SafeBytes : Some bytes are protected by this new class safe bytes. SafeBytes holds the bytes with some bulk bytes so that they’re not readable in the memory.
  • [ADDED] SafeBox : A special password section. Text input handling is completely separated from windows textbox, new clipboard management is written. All the information in the textbox stored encrypted in safe strings.
  • [ADDED] Some time information about your key/database files are now logged encrypted by a password unique for your the event in config file.

Database

  • [ADDED] The database is now moved to SQLite from plain text file. The database is protected by three layers:
    • Database password
    • Data encryption
    • Sensitive data encryption (only for username and password)
  • [ADDED] Faster database communication with LINQ and ID section.
  • [ADDED] New data (OrbitTime) saved with entries:
    • Last Access Time : Every time user choose to see an entry from database, “last accessed” time updates automatically.
    • Modification Time : Saved when an entry is modified
    • Creation Time : Holds the time when entry is created
  • [ADDED] You can now save icons for entries to database. Password Orbit will find the favicon of the related website for you, or you add your own custom icon (max 200kb). They’ll be included in database, so you don’t worry about keeping the image.
  • [ADDED] You can now attach files (max 1mb) to your entry. There is no format limitation so it can be your QR-code, text file, picture of your credit card, whatever you want. Your attached file will saved in encrypted form as all other information in database.

GUI & Style

  • [ADDED] More and smarter error/warning messages.
  • [ADDED] Some tooltip texts.
  • [ADDED] Textboxes and combo boxes have a watermarked text.
  • [ADDED] Caps lock Mode for safe boxes : caps lock alert image and a little popup is shown if caps lock is on.
  • [ADDED] Insert Mode for orbit text boxes: a custom canvas (same size as the letter its standing on) is being showed if user tries to write on insert mode.
  • [ADDED] Clipboard icons for SafeBox is now with icons, and becomes disabled/enabled depending on the rules.
  • [ADDED] Validation mode for SafeBoxes. Validation is being checked if more than one letter is entered, the result can be seen real-time by a little validation icon (either exclamation mark or a tick) and border color. Captcha box and repeat sections for password use this feature.
  • [ADDED] Smarter XML parsing from config file:
    • Sets default values if XML readings fail.
    • A default error image (:S smiley at the moment) is shown to the user If image couldn’t be parsed, then.
  • [ADDED] Busy indicator in windows for processes that take a bit time.
  • [ADDED] Window and layout settings are loaded automatically on start from config file and saved on exit to config file. This behavior can be disabled in config file.
  • [CHANGED] Forms are now resizable to some extend.
  • [CHANGED] Default font has been changed from boring Microsoft Sans Serif to Verdana.
  • [CHANGED] Password visibility buttons are now inside the orbit safe box, and the eye icon is changed.
  • [CHANGED] There is now delete button in combo box list items (for recent database/key paths).
  • [CHANGED] Exclamation mark icon shows up in recent combo box list if the file is deleted.
  • [CHANGED] Timestamps about recent used files are shown in combo-box.
  • [CHANGED] Config file is improved and more customizable.
  • [CHANGED] Much better look & feel by replacing outdating windows forms to modern WPF.
  • [CHANGED] External control AvalonDock is used for handling docks.

Captcha

  • [ADDED] Smart captcha requirement. Captcha requirement can’t be bypassed by reopening or reinstalling the program. Some registry keys and files are involved.
  • [CHANGED] You don’t need to enter captcha for the first try anymore. You’re supposed to enter it if your first try to access to database fails.
  • [CHANGED] Now all of the letters, including the fake letters and the code, are secured by SafeString and Session Encryption.
  • [FIXED] Audio captcha is not being read after captcha refresh anymore.

Password Generator

  • [CHANGED] You can now customize characters to be used in order to create a strong password. Your settings will be saved automatically and you can go back to default character pools any time.
  • [CHANGED] Smarter sliders that lets you choose the exact percentage of the character types (numbers, special characters..)