BurnLock - Offline Password Manager

BurnLock is a privacy-first mobile application for generating secure and truly random passwords, operating completely offline and without storing sensitive data. Its innovative password sharing system splits the unlock key between the user and a minimal server (which does not store the hashed password), enabling secure 2FA implementation for shared access.

In Development...

Challenge: Reinventing Security and Privacy in Password Management

The development of BurnLock arose from the need for a password management solution that prioritizes user security and privacy. Unlike other password managers, BurnLock does not store data on servers, reducing the risk of data breaches.

Technologies

  • React Native
  • Expo
  • Firebase

Challenges

Implementation of Two-Factor Authentication (2FA)

I integrated a two-factor authentication system to add an extra layer of security. This means that when a password and its respective unlock key are shared, the creating user must approve access within 15 minutes.

Generation of Cryptographic Seeds from Graphic Patterns

When the app starts, the user is asked to draw on the screen; this drawing is converted into coordinates, randomized, and used as a seed to create truly random passwords without relying on pseudo-random values. If the seed is stolen, the attacker cannot obtain the passwords, as they are generated with variations of the seed and randomized.

Split Secret Sharing System for Secure Transfer

I developed a feature that allows users to share passwords securely without exposing the password on a server. The user inputs a password and an unlock key, which encrypts the password locally using 2 keys (user and server). The server stores one part of the password, the user another; without both keys, the password cannot be unlocked. This allows the user to share the password with other users without the server having access to the complete password.
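A sketch of the two-key split described above, together with the 15-minute approval check from the 2FA section. This is an added example, not BurnLock's own code. The page names no algorithms, so scrypt, HMAC-SHA256, AES-256-GCM, the function names, and counting the window from the access request are all assumptions.

```javascript
// Added illustration: algorithms and names are assumptions, not BurnLock's code.
const crypto = require('crypto');

const APPROVAL_WINDOW_MS = 15 * 60 * 1000; // approval window stated on the page

// Derive the AES key from BOTH halves; neither half alone yields it.
function combineKey(unlockKey, salt, serverShare) {
  // Stretch the human-chosen unlock key before mixing it with the server share.
  const userKey = crypto.scryptSync(unlockKey, salt, 32);
  return crypto.createHmac('sha256', serverShare).update(userKey).digest();
}

// Sender's device: encrypt locally and decide what each party holds.
function sealForSharing(password, unlockKey) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const serverShare = crypto.randomBytes(32);
  const key = combineKey(unlockKey, salt, serverShare);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return {
    forRecipient: { salt, iv, ct, tag: cipher.getAuthTag() }, // never sent to the server
    forServer: { serverShare },                               // no ciphertext, no hash
  };
}

// Minimal server: releases its share only if the creator approved in time.
// record.requestedAt and approvedAt are millisecond timestamps (assumed model).
function releaseShare(record, approvedAt) {
  const inWindow = approvedAt !== null &&
    approvedAt >= record.requestedAt &&
    approvedAt - record.requestedAt <= APPROVAL_WINDOW_MS;
  return inWindow ? record.serverShare : null;
}

// Recipient's device: returns the password, or null if either half is wrong.
function openShared(bundle, unlockKey, serverShare) {
  const key = combineKey(unlockKey, bundle.salt, serverShare);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, bundle.iv);
  decipher.setAuthTag(bundle.tag);
  try {
    return Buffer.concat([decipher.update(bundle.ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM tag mismatch: wrong unlock key or wrong server share
  }
}
```

The server record holds only a random 32-byte value, so a server compromise exposes nothing that can be brute-forced against the password without the recipient's bundle and unlock key.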

Usability-Focused Interface Design for Security Tasks

I designed an easy-to-use interface, enter and create, allowing the user to save presets for use at any time.

Learnings

With BurnLock, I strengthened my knowledge in security, basic cryptography, and robust randomness generation. It was a practical exercise in implementing 2FA and designing mobile architectures that minimize data exposure. This project allowed me to apply React Native and Firebase in a context where user privacy is paramount.