Project - Key Vault

Keeping track of your password 'keys' that grant access to your private places is a worsening problem... because passwords should all be frequently changed, but all be different, long, obscure - making them difficult (if not impossible) to remember.

Staying logged in to websites for days/weeks/months is ok while the relevant cookies are still available in the browser, but when needing to subsequently sign in at a different computer or browser it can be difficult to even remember the login ID let alone the password.

(it wouldn't be the first time I've had to create additional website accounts because I couldn't remember the original account details, and there are many websites from the past that I can't revisit because I don't even remember their names)

Keeping track of computer passwords is also particularly important when dealing with multiple computers, or multiple OS's on virtual machines... resetting Windows passwords may be an annoyance, but it's not even an option for linux.

'OLED Key Vault - by Electroguard - developed on Annex 1.40

'Displays list of computers and/or websites, select an item to display its corresponding login and password

'Optionally select the entry again to display the password in the browser Output page for copy'N'pasting into the target

'Then press anything to clear the password from the browser Output page and return to the list

'Navigate using buttons or rotatary encoder

font=1 '1=smallest, 3=largest

nav=0 '0=buttons, 1=rotary encoder

wrap=1 '0=stop at ends, 1=wraparound from last to first and vice versa

linenumbers=0 '1=include item numbers

tabbed=1 '1=reserve digit pad spaces for lower numbers

frame=1 '1=draw box around menu contents

filename$="/list.txt" 'file containing your password list - items separated by spaces, lines terminated by chr(10) linefeed

redherring=3 '0=off, 1=prefix, 2=suffix, 3=prefix plus suffix (red herrings are unnecessary distraction characters

redherring1$="" 'blank prefix will generate random characters, non-blank chars will be used 'as-is'

redherring2$="" 'blank suffix will generate random characters, non-blank chars will be used 'as-is'

'redherring1$="ME" 'non-blank prefix will be kept and used, else blank will generate random characters

'redherring2$="0123" 'non-blank suffix will be kept and used, else blank will generate random characters

hercol$="red" 'colour of red-herring prefix and suffix - select to contrast with your chosen password colour (pwdcol$)

pwdcol$="white" 'password colour displayed by browser

'pwdcol$="black" 'password colour displayed by browser pwdsize$="7" '1=small, 7=largefromchr=63 'ascii start char for red herring rangetochr=122 'ascii end char for red herring range herrings=0I2C.SETUP 5,4 OLED.INIT 1,1OLED.CLSoled.image 0,0,"/img/key1.xbm" 'startup imageOLED.FONT 2oled.print 6,6,"Key"oled.print 64,49,"Vault"if redherring>0 then gosub redherringspause 1500 pos=1offset=0if font=1 then w=10: h=10: t=1: cx=6: cy=6: cr=3: b=10: lines=6if font=2 then w=12: h=15: t=1: cx=7: cy=8: cr=4: b=14: lines=4if font=3 then w=24: h=21: t=0: cx=8: cy=12: cr=4: b=19: lines=3OLED.FONT font OLED.COLOR 1delim$=" "eol$=chr$(10)if file.exists(filename$)=1 then sites$=trim$(file.read$(filename$)) else sites$="MISSING"+eol$+"LIST.TXT"+eol$ sites$=replace$(sites$," "," ") 'gets rid of any double spacessites=word.count(sites$,eol$) 'counts how number of list itemsdigits=len(str$(sites))dim site$(sites)dim logon$(sites)dim pwd$(sites)for c=1 to sites entry$=word$(sites$,c,eol$) site$(c)=word$(entry$,1,delim$) logon$(c)=word$(entry$,2,delim$) pwd$(c)=word$(entry$,3,delim$)next cif sites < lines then lines = sitesbranch$=""debounce = 100 'debounce duration for buttons and rotary encoder contactslongpress=100000 if nav=0 then gosub buttons else if nav=1 then gosub rotary else wlog "invalid nav option": endclsgosub displaywaitdisplay:if branch$="html" then clsbranch$="display"OLED.COLOR 1OLED.CLSfor line = 1 to lines col=0 if linenumbers=1 then n$=str$(line+offset) if tabbed=1 then if font=2 then n$=space$((digits-len(n$)))+n$ else n$=space$((digits-len(n$))*2)+n$ 'workaround for half space font 2 endif OLED.PRINT 12,t+(line*h)-h,n$+" "+site$(line+offset),col else OLED.PRINT 12,t+(line*h)-h, site$(line+offset),col endifnext lineop$=str$(line)+" " + site$(pos)oled.circle cx,t+(pos*h)-h+cy,cr,2if frame=1 then oled.rect 0,t,128,64-treturnrotary: rotaryA=13 'Rotary encoder pulse B output pinrotaryB=12 'Rotary encoder pulse A output pinmpin=14 'Rotary encoder selector button pinmstart=millis: mstop=millis:pin.mode mpin, input, pulluppin.mode rotaryA, input, pulluppin.mode rotaryB, input, pullupinterrupt rotaryA, rotationinterrupt mpin, mpressedreturnrotation:interrupt rotaryA, offif pin(rotaryA)=0 then if pin(rotaryB)=0 then gosub moveup else gosub movedownendifpause debounceinterrupt rotaryA, rotationreturnbuttons:lstart=millis: lstop=millis: mstart=millis: mstop=millis: rstart=millis: rstop=millislpin=12: pin.mode lpin, input, pullup 'left buttonmpin=14: pin.mode mpin, input, pullup 'middle buttonrpin=13: pin.mode rpin, input, pullup 'right buttoninterrupt lpin, lpressedinterrupt mpin, mpressedinterrupt rpin, rpressedreturnmoveup:if branch$="display" then if pos>1 then pos=pos-1 else if offset>0 then offset=offset-1 ELSE if wrap=1 then pos=lines: offset=sites-linesendifgosub displayreturnmovedown:if branch$="display" then if pos<lines then pos=pos+1 else if lines+offset<sites then offset=offset+1 ELSE if wrap=1 then pos=1: offset=0endifgosub displayreturnselected:if branch$="display" then branch$="selected" selected$=site$(pos+offset) oled.cls oled.print 10,10,selected$ 'show selected item for confirmation oled.print 10,30,logon$(pos+offset) 'show selected item for confirmation oled.print 10,50,pwd$(pos+offset) 'show selected item for confirmation returnendifif branch$="selected" then branch$="html" oled.cls oled.print 10,10,"PWD shown in browser" 'show selected item for confirmation oled.print 10,30,"Press again to clear" oled.print 10,50,pwd$(pos+offset) 'show selected item for confirmation msg$=|<font size="|+pwdsize$+|">| msg$=msg$+|<font color="|+hercol$+|">|+redherring1$+|</font>| msg$=msg$+|<font color="|+pwdcol$+|">|+pwd$(pos+offset)+|</font>| msg$=msg$+|<font color="|+hercol$+|">|+redherring2$+|</font>| html msg$ returnendifif branch$="html" then gosub displayreturnlpressed:interrupt lpin, offpause debounceif pin(lpin) = 0 then lstart = millis else lstop = millisif lstop > lstart then if lstop - lstart < longpress then gosub moveup else oled.cls OLED.PRINT 10,10, "Long LEFT" endifendifinterrupt lpin, lpressedreturnmpressed:interrupt mpin, offpause debounceif pin(mpin) = 0 then mstart = millis else mstop = millisif mstop > mstart then OLED.CLS if mstop - mstart < longpress then gosub selected else oled.cls OLED.PRINT 10,10, "Long MIDDLE" endifendifinterrupt mpin, mpressedreturnrpressed:interrupt rpin, offpause debounceif pin(rpin) = 0 then rstart = millis else rstop = millisif rstop > rstart then if rstop - rstart < longpress then gosub movedown else oled.cls OLED.PRINT 10,10, "Long RIGHT" endifendifinterrupt rpin, rpressedreturnredherrings:if (redherring=1) or (redherring=3) then if redherring1$ = "" then herrings=rnd(10) for c=1 to herrings redherring1$=redherring1$ + chr$(rnd(tochr-fromchr)+fromchr) next c endifendifif (redherring=2) or (redherring=3) then if redherring2$ = "" then herrings=rnd(10) for c=1 to herrings redherring2$=redherring2$ + chr$(rnd(tochr-fromchr)+fromchr) next c endifendifreturn'------------- End -------------

'M5stack Key Vault - by Electroguard - developed using Annex32 1.37 beta6

title$="M5 Key Vault"

filename$="/list.txt" 'file containing your password list - items separated by spaces, lines terminated by chr(10) linefeed

redherring=3 '0=off, 1=prefix, 2=suffix, 3=prefix plus suffix (red herrings are unnecessary distraction characters

redherring1$="" 'blank prefix will generate random characters, non-blank chars will be used 'as-is'

redherring2$="" 'blank suffix will generate random characters, non-blank chars will be used 'as-is'

'redherring1$="ME" 'non-blank prefix will be kept and used, else blank will generate random characters

'redherring2$="0123" 'non-blank suffix will be kept and used, else blank will generate random characters

hercol$="red" 'colour of red-herring prefix and suffix - select to contrast with your chosen password colour (pwdcol$)

pwdcol$="white" 'password colour displayed by browser

pwdcol$="black" 'password colour displayed by browser

pwdsize$="7" '1=small, 7=large

fromchr=63 'ascii start char for red herring range

tochr=122 'ascii end char for red herring range

if redherring>0 then gosub redherrings

herrings=0

delim$=" "

eol$=chr$(10)

if file.exists(filename$)=1 then sites$=trim$(file.read$(filename$)) else sites$="MISSING"+eol$+"LIST.TXT"+eol$

sites$=replace$(sites$," "," ") 'gets rid of any double spacessites=word.count(sites$,eol$) 'counts how many list entries dim site$(sites)dim logon$(sites)dim pwd$(sites)for c=1 to sites entry$=word$(sites$,c,eol$) site$(c)=word$(entry$,1,delim$) logon$(c)=word$(entry$,2,delim$) pwd$(c)=word$(entry$,3,delim$)next cred=tft.rgb(255,0,0):green=tft.rgb(0,255,0):blue=tft.rgb(0,0,255)darkred=tft.rgb(150, 0, 0):darkgreen=tft.rgb(0,150,0):darkblue=tft.rgb(0,0,150)cyan=tft.rgb(0,255,255):pink=tft.rgb(255,0,255):orange=tft.rgb(255,165,0):yellow=tft.rgb(255,255,5)black=0:white=tft.rgb(255,255,255):lightgrey=tft.rgb(200,200,200):darkgrey=tft.rgb(128,128,128)font=2fill=black:foreground=white:background=filltitlecolour=red:numberscolour=yellow:buttonscolour=black:buttonbackground=lightgreytft.inittft.jpg "/img/vaultkey.jpg"tft.text.size 4tft.text.pos 14, 13tft.text.col yellow,backgroundtft.print "Key"tft.text.pos 190, 190tft.print "Vault"pause 2000localfont=3tft.text.size localfontlocalfill=filllocalforeground=whitelocalbackground=localfillpos = 1offset = 0margin=1changed = 0interrupt 39, lbuttoninterrupt 38, mbuttoninterrupt 37, rbuttonlstart=millis: lstop=millis: mstart=millis: mstop=millis: rstart=millis: rstop=millisgosub showlistwaitshowlist:clsbranch$="showlist"head = 1 * localfont * 8foot = 2 * localfont * 8canvas = 240 - head - footlines = cint(canvas / (localfont * 8))tft.fill fill tft.text.size 2tft.text.pos 4, 3tft.text.col titlecolour,backgroundtft.print title$tft.text.size 2tft.text.col numberscolour,backgrounddata$ = str$(pos+offset) + " of " + str$(sites)tft.text.pos 316-(len(data$) * 6 * localfont), 4tft.print data$if sites < lines then lines = sitesfor c = 1 to lines tft.text.pos margin*localfont*6-4, (c*8*localfont)+4 if c = pos then tft.text.col background,foreground else tft.text.col foreground,background tft.print site$(c+offset) next cfooterreturnredherrings:if (redherring=1) or (redherring=3) then if redherring1$ = "" then herrings=rnd(10) for c=1 to herrings redherring1$=redherring1$ + chr$(rnd(tochr-fromchr)+fromchr) next c endifendifif (redherring=2) or (redherring=3) then if redherring2$ = "" then herrings=rnd(10) for c=1 to herrings redherring2$=redherring2$ + chr$(rnd(tochr-fromchr)+fromchr) next c endifendifreturnlbutton:if (pin(39) = 0) then lstart = millis else lstop = millisendifif lstop > lstart then select case branch$ case "showlist" pos = pos - 1 if pos < 1 then pos = 1: offset = offset - 1 if offset < 0 then pos = lines: offset = sites - lines gosub showlist case else gosub showlist end selectendif returnmbutton:if (pin(38) = 0) then mstart = millis else mstop = millisendifif mstop > mstart then select case branch$ case "showlist" gosub selected case "selected" gosub browser case "browser" cls gosub showlist case else gosub showlist end selectendif returnrbutton:if (pin(37) = 0) then rstart = millis else rstop = millisendifif rstop > rstart then select case branch$ case "showlist" pos = pos + 1 if pos > sites then pos = 1: offset = 0 if pos > lines then offset = offset+1: pos = lines if offset+lines > sites then offset = 0: pos=1 gosub showlist case else gosub showlist end selectendif returnselected:branch$="selected"choice$ = site$(pos+offset)tft.fill whitedata$ = " "+site$(pos+offset)tft.text.size 2tft.text.col darkblue,whitetft.text.pos 0, 40tft.print data$data$ = " " + logon$(pos+offset)tft.text.size 2tft.text.col darkgreen,whitetft.text.pos 0, 110tft.print data$data$ = " " + pwd$(pos+offset)tft.text.size 2tft.text.col darkred,whitetft.text.pos 0, 180tft.print data$returnbrowser:branch$="browser"tft.text.size 4tft.fill redtft.text.col white,redtft.text.pos 55,20data$ = "Password"tft.print data$tft.text.size 3tft.text.pos 50,60tft.print " shown in"tft.text.pos 50,90tft.text.size 4tft.print " browser" tft.text.pos 10,140tft.print "Press button"tft.text.pos 50,180tft.print " to clear"msg$=| <font size="|+pwdsize$+|">|msg$=msg$+|<font color="|+hercol$+|">|+redherring1$+|</font>|msg$=msg$+|<font color="|+pwdcol$+|">|+pwd$(pos+offset)+|</font>|msg$=msg$+|<font color="|+hercol$+|">|+redherring2$+|</font><br>|html msg$returnsub footerxpos = 0tft.text.col buttonscolour,buttonbackgroundtft.text.size localfontfooter$ = " Ok "tft.text.pos 163-(len(footer$)/2 * 6 * localfont), 232-(8 * localfont)tft.print footer$footer$ = " < "Lbutton = 66 - (len(footer$)* 6 * localfont /2)tft.text.pos Lbutton , 232-(8 * localfont)tft.print footer$footer$ = " > "Rbutton = 253 - (len(footer$)* 6 * localfont /2)tft.text.pos Rbutton , 232-(8 * localfont)tft.print footer$end sub'---------- End -------------

Privacy and Security

The following is just common knowledge which is freely available on the internet for anyone who cares to look.

Any data shown in a browser, or which can be 'packet sniffed' during transmission (especially wifi), or stored on computer or other device with internet connection ... is vulnerable.

The internet provides a convenient path for others to invade your privacy and exploit your personal data at your expense.

If you think that doesn't apply to you, then you should pay particular attention, because you could be especially vulnerable.

You, and all internet users, are considered a valuable resource for global data harvesting by anyone who can get at you. This includes armies of individual hackers, organised crime, governments, huge global corporates beyond national controls ... the biggest invaders of privacy are actually the mega companies with household names like Microsoft and Google whose products are specifically designed to harvest personal user data and send it back via the users internet connection at the users expense.

By default Windows 10 logs all keystrokes and mouse activity, all browser activity, and much more - their data harvesting is called 'telemetry', but users can't complain because they've already agreed to the Microsoft terms and conditions in order to be users. And nobody complains on their behalf because everyone else involved benefits at the users expense. Government agencies not only have access to the harvested data, they are provided with secret backdoors into users systems, even though the very presence of such backdoors obviously makes users systems inherently more vulnerable to illegal attack and exploitation. An entire anti-malware industry exists because of criminal exploitation of software vulnerabilities - most of the vuilnerable software coming from Microsoft.

Most search engines track results to spot global trends and to return better tailored search results, but only a few who respect users privacy don't record personal data and past history results to target individual users with commercial or political bias.

Chrome reports everything back to Google, who has huge investment in AI to predict users choices so they can pre-empt and nudge users in their own preferred directions. Browsing habits are recorded, and search results are biased to include items Google prefers users to see and buy, bumping up offerings from paying 'commercial partners' even though they may be less relevant to users needs.

The contents of all Gmails are scanned, and kept by google even after users delete them from their mailbox.

Although such data harvesting is more invasive and prolific than any spyware, it is not legally considered an invasion of privacy because users have already agreed the terms and conditions, thereby also tacitly agreeing similar terms and conditions for other google products and services such as Facebook and YouTube. Google cross-references users data harvested from many products and services, including mobile phone data, to build profiles of users including their physical location and movements.

ISP's harvest and sell their users internet activities, and of course provide those details to government agencies.

As more and more opportunists jump on the bandwagon to harvest and sell users data, it's become normal and expected to be forced into agreeing terms and conditions before being allowed into to websites - failure to give up your privacy often means you must leave.

Data customers are willing to pay big money to influence such things as product purchase and public opinion... without the public even knowing or caring.

Data harvesters and their paying customers only consider users data a resource to make money from. Although the sale of harvested data should technically be limited to less personal 'metadata' for statistical analysis, that is known to not always be the case, but even if it is just the tip of a dangerous iceberg, there is nobody on iceberg watch anyway.

Even IF the legal data harvesters can be arguably considered ethical themselves, they have little control over how it is initially used after they sell your data, or how often it finds its way into other less scrupulous hands, or for what purposes it will eventually be used.

There is little effective oversight on omnipotent government agencies who are given access to the harvested data, and even less after being handed to other nations with different laws and ethics, participating in 5 eyes 9 eyes 14 eyes and other data sharing accords.

Illegal data harvesting is done on a massive scale by criminals who hack into servers to steal user data, thus avoiding need for users consent ... Yahoo has been hacked so many times resulting in data thefts to millions of users that it has become almost a regular crop harvest - and countless similar data thefts are such a frequent occurrence that they hardly make news anymore, let alone headlines.

Returning to the subject of your private logins and passwords contained in your 'list.txt' file... an awareness of data-harvesting offers you opportunity to improve your own privacy and security to lessen the risk of personal loss or disaster... but what you do about it - if anything - is entirely up to you.

Improving Data Privacy & Security

To avoid commercial or political harvesting of your browsing history and personal data you could use an independent browser such as Firefox.

To avoid your ISP harvesting your browsing history from its DNS servers... in Firefox go into Preferences, Network Settings, then tick "Enable DNS over HTTPS" - this will use alternative DNS server look-ups which cannot be tracked by your ISP.

To reduce manipulation by commercially biased search results, and stop your personal data and usage from being recorded, you could change the default search engine to DuckDuckGo, who say (quote)... "We don't store your personal information. Ever.

Our privacy policy is simple: we don't collect or share any of your personal information."

A couple of less familiar alternative search engines which also respect your privacy are Startpage and Qwant, but there are others.

If you are not happy about all your gmails being read and kept indefinitely, you might want to grab yourself a free secure Proton email account. Proton mail boxes are encrypted - so don't forget your password, because not even Proton can access your mailbox, therefore you would lose access to everything.

Proton to Proton emails are encrypted end to end, so they are secure from sender to recipient every step of the way.

TIP: If you had 2 Proton accounts you could securely send all your passwords to yourself from one account to the other and vice versa, then even if you got locked out of one account due to forgetting its password... you could easily get it back from the other account and regain access to all your encrypted mail again.

TIP: If you have a Proton account, you could securely create and maintain your 'list.txt' file of logins and passwords directly from within your encrypted mailbox, allowing you to remove all trace of it from your computer after uploading to your Annex Key Vault.

In addition, Proton offers (quote):

"a free virtual private network (VPN).

ProtonVPN enables you to:

protect your privacy by hiding your IP address

browse the web securely (even on public WiFi)

visit blocked or censored websites"

Don't expect it to be as fast as a paid VPN - but hey, it offers you free online privacy!

You can publish content on LBRY.TV to avoid registering with YouTube and having to accept its commercialism and restrictions.

LBRY says (quote):

"Almost every tech giant today is a centralized service that sells users' personal information and attention to advertisers. They spend a lot of money chasing their product (your personal information and time/attention), but at the end of the day, users (you) offer it up for free in exchange for access to the platform.

We think users should own their content (and their privacy) instead of handing it over to a corporate giant and their advertising buddies. If you think we're paranoid, there are dozens of examples of companies abusing users and acting against their interests. It's not paranoia if they're actually out to get you."

LiBRaRY uses a secure blockchain protocol which is completely free to use, and offers incentive for registered users by giving LBC as virtual currency rewards for eg: just watching Annex content. Using this link to join will earn some additional LBC as a first reward.

You can reduce the personal profile which Google collates about you from cross-referencing your Facebook data with other social media accounts, email addresses, phone numbers,etc... by 'compartmentalising' your different accounts - ie: use different email addresses and contact information, and avoid including links from other social media platform in each other.

Firefox says (quote):

"if you still kinda like Facebook but don’t trust them, then try the Facebook Container extension by Firefox and make it harder for them to track you around the web"

There are sites which actually offer free fake ID's in many countries ... so although you may be bullied into agreeing terms and conditions or giving out contact information, you can avoid meekly handing over your true identity and giving away your privacy.

Likewise for sites that want your email address before allowing access... you can grab a free temporary '10 minute' email address to register for free downloads etc without being forever haunted by spam or pestered by sales blurb,

If you want an inherently secure OS that has no need of anti-virus or anti-malware etc, look at linux.

No commitment is needed... most flavours of Linux offer 'Live Boot' from USB stick, allowing opportunity to gain familiarity without needing to burn any bridges. If and when you do start using Linux, you can still continue using Windows at the same time by using free virtualisation software (both Linux and Windows were being used at the same time to make this projects demo video).

The bottom line is that your privacy and security are your responsibility, and you should assume that everyone else is out to get what they can from you, so it is up to you to take whatever steps you feel necessary to stay safe and secure, The Key Vault offers a practical way to help you improve the security of your passwords, but it can only be as safe as you choose to make it.