I feel your pain! So much so that I built my own local password manager -> Pocket Pass Manager [You get it? Pocket ≠ Cloud eh eh eh].
When LastPass moved from a free to a paid business model (paid-or-f%$k-you, with users locked in), I decided to build a password manager for myself, friends and family. I knew that password managers like 1Password used only open source libraries for encryption, which made it seem simple to create a similar app while improving the user interface and overall experience (I'm a sucker for great UIs).
This was before all the LastPass fuck-ups; I (correctly) thought vault syncing was a bad idea, so I took the local approach.
Building a local password manager has several advantages. Firstly, it avoids the risks involved in sending passwords over the internet. Secondly, there is no need for servers, meaning there are no fixed costs forcing me to implement a subscription model. Lastly, users can be assured their passwords are secure, as they know where their passwords are at all times; for instance, you can check that the app doesn't make any internet connections, and the encrypted SQLite database can be downloaded and audited.
Admittedly, I understand that other local password managers exist, but building my own was a fun personal project, developed to my satisfaction.
[I built this thing in pure Swift, exclusively for iOS, as that is what I used daily at Reliby (my startup-ish), and I wanted to try a 100% SwiftUI approach]
Before getting to code, one problem needed more thought: how to access the passwords from other devices? Macs have a shared clipboard, but I used Windows half of the time; I needed to find a way without compromising the security or the locality. Inspired by Snapdrop and VLC's local upload, I came up with the idea of making the iPhone behave as a local web server, enabling users to access their keys on other devices on the same (local) network.
The first implementation, V1, used SSL (HTTPS) to encrypt the password payload, but the certificate couldn't be trusted, and some web browsers didn't accept it. Hence, I had to install the certificate on my computers, which ultimately became frustrating. However, this approach proved the concept could work. I ditched LastPass in just a couple of weeks!
For the second version (current is 2.3.0), I rewrote most of the code, focusing on a new web server approach that runs over unencrypted HTTP. The password payload is then encrypted with 256-bit AES using another key, randomly generated on the browser (client), that is transmitted to the phone by scanning a QR code. This approach ensures that even if someone is "listening" on the local network, they cannot obtain the key. What's more, users have a physical confirmation of the computer they are sharing the key with. Even if someone accessed the user's phone server, nothing would be transmitted without scanning the code. How cool is that?
Using the Pocket Pass Manager app, which is available in the App Store, users press "Share on the phone," access "jorges-iPhone.local," scan the QR code, and passwords (and other data) appear like magic on their other device.
The app also includes a built-in authenticator, credit cards, notes, offline security analysis of passwords, CSV import, and custom backups.
There is an in-app purchase ($4) for adding more than 20 passwords. However, those who cannot or do not want to pay can join the beta channel, where unlimited access is granted. Feedback is appreciated, but you should make backups, as the app could have bugs.
I cannot believe that my app's UI looks better than LastPass's, which has millions in expenditure.
Here are the links if you want to try it out, I hope you like it.
- AppStore: https://apps.apple.com/us/app/pocket-pass-manager/id15638393...
- TestFlight (beta/free): https://testflight.apple.com/join/NeYmSS4B
Feedback is much appreciated.