June 03, 2016 — Today, SatoshiLabs announced TREZOR Password Manager, a new lightweight application designed to store and manage passwords with ultimate security. The Chrome extension is available now for public beta testing for all TREZOR hardware wallet owners.

TREZOR Password Manager brings advanced cryptography into the hands of computer users regardless of their skill level. With a simple button click, the user encrypts each password entry with his personal TREZOR device. The Password Manager then automatically uploads the encrypted data to user’s private cloud storage, making them always available when needed.

As a password manager without a master password,

TREZOR solves the most pressing security flaw of typical password managers — the master password unlocking the entire database. Once leaked or fished out by keylogger malware running silently on one’s computer, a malicious hacker gains access to all data stored in the password manager. Stolen login credentials are then typically sold on the black market to be further exploited by criminals for theft and impersonation.

Examples of master password breaches in RoboForm and LastPass.

Second factor authentication through an app or email adds an extra layer of security but a great deal of discomfort too. Authentication using biometrics can be dangerous — a fingerprint for example, once compromised, can be used by a bad actor again and again without the possibility of change.

The TREZOR device itself serves as a 2nd factor authenticator, unlocking the passwords without the need of third party authentication apps, access to mobile phone or email. Instead of typing a master password to unlock the entire password database, the user only “unlocks” the device — with a secure PIN entry, protected against keyloggers. The PIN also prevents unauthorized physical access.

Using TREZOR for Cloud Security

Even if someone hacks into a Dropbox account, reading the stored passwords is practically impossible. TREZOR adds yet another layer of security by encrypting the password entries on a one-by-one basis with a unique encryption key derived from TREZOR. TREZOR Password Manager is a great showcase on how to approach cloud storage security for individuals.

Passwords Always Available

The TREZOR Password Manager auto-syncs every password entry to the user’s private Dropbox account, providing superb availability from any online computer. Gradually, more options for cloud storage will be added.

Simple, Private Recovery

TREZOR invented an easy way to privately and securely back up the device. During the initial setup, the user is requested to record (write down) and safely store a backup sentence containing 24 words. A simple paper stored in a safe place is all the user needs to restore all of their keys into a new device.

TREZOR is both an encryption device and a secure login token with visual and physical verification.

Planned Improvements

After testing the BETA version, an Import/Export feature will be added. Depending on our users’ requests we may also add an Android app.

Today, our users still need to remember one password — for their Dropbox account. We’re working on enabling a direct login to Dropbox with the TREZOR device, to overcome this limitation.