Any thoughts on this one?

Just in case anyone needs an eli5 (not me, obviously, I totally understood how it works 🙄)


Of course! I’ll simplify everything for you.

Imagine you have a toy box with a secret toy hidden inside. This app works in a similar way to hide and protect your secret number (PIN).

How it hides your PIN:

  1. PIN in a Puzzle: The app places your PIN in a puzzle-like grid and fills up the rest with random numbers. It’s like hiding a toy among many other toys.

    • Even the app doesn’t know where your secret toy (PIN) is in the grid.
    • If someone tries to peek over your shoulder, they won’t easily figure out which toy is your secret one.
  2. Special Keyboard: Instead of using the regular way of typing, the app gives you a special keyboard inside it.

    • This makes it hard for sneaky apps to see what you type.
    • Also, the buttons on this keyboard keep changing places, so if someone is trying to see where you touch, they’ll get confused.

How it keeps things safe inside:

  1. Magic Lock (Encryption): The app uses a magic spell (called AES) to lock your secret toy so that even if someone gets it, they can’t play with it without the magic key.

  2. Secret Name-Tag (Hashing): Every toy (PIN) gets a secret name-tag that only the app can read. It’s like writing a name in a language only the app understands.

  3. Strong Password: If you ever forget things and need a backup way to get your toy, the app has a super-strong password system (called Argon2id).

What happens when you use the app:

  1. Starting the App: The app looks for your toys (PINs) using the magic key and shows you their secret name-tags.

  2. Picking a Toy (PIN): When you choose a toy by its name-tag, the app shows you the toy in its puzzle grid, but hidden among other toys.

  3. Adding a New Toy (PIN): If you get a new toy, you can give it a secret spot in the grid and a secret name-tag. The app will use its magic spell to lock it up safe.

In short: This app is like a magical toy box. It hides your secret toys (PINs) in clever ways and uses special magic to keep them safe.

  • floofloof@lemmy.ca
    1 year ago

    Yes, I installed it. I guess the colors are just an optional memory aid - you could always put your PIN on the same color or sequence of colors, read in the same direction, while the arrangement of colors varies from PIN to PIN.

    I think I’m understanding a little better now. The threat model at which this is aimed seems to be people peering over your shoulder while you wait in line at the bank or supermarket. You can call up your forgotten PIN on screen without anyone being able to read it off over your shoulder. If I just store the PIN in Bitwarden it’s more secure in storage but it doesn’t address this particular threat model.

    Given that very narrow threat model, the app is not intended to defend against someone with time to view and analyze your various PIN patterns, and it’s not designed for robust and secure backup of your PINs.

    There’s also the option of requiring user authentication to get into the app (in my case via fingerprint, but it could be via an Android PIN, which you’ll just have to remember unassisted). This protects against someone picking up your phone and browsing your PIN patterns, unless you’re like me and your family always know how to get into your phone.

    So it’s not a bad idea if remembering PINs on the spot in public is enough of a concern to warrant installing a dedicated app. But if you just want a place to store PINs, then a password manager still seems more secure and convenient.
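
The grid idea from the post and the shoulder-surfing threat model from the comment above, as an added example that is not code from the thread or from the app: a Python sketch that hides a PIN among CSPRNG digits and counts how many PINs a single glance at the grid still leaves possible. The 5x8 grid size, the caller-chosen cells and the sample PIN are assumptions; the thread does not describe the app's real layout.

```python
import secrets
from collections import Counter
from itertools import product


def build_grid(pin, cells, rows=5, cols=8):
    """Place each PIN digit at its chosen (row, col) cell; fill the rest from a CSPRNG.

    The 5x8 size and caller-chosen cells are assumptions, not details from the thread.
    """
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must contain digits only")
    if len(cells) != len(pin) or len(set(cells)) != len(cells):
        raise ValueError("need exactly one distinct cell per PIN digit")
    if any(not (0 <= r < rows and 0 <= c < cols) for r, c in cells):
        raise ValueError("cell lies outside the grid")
    grid = [[str(secrets.randbelow(10)) for _ in range(cols)] for _ in range(rows)]
    for digit, (r, c) in zip(pin, cells):
        grid[r][c] = digit
    return grid


def read_pin(grid, cells):
    """What the owner does: read the digits back from the remembered cells, in order."""
    return "".join(grid[r][c] for r, c in cells)


def spellable_pins(grid, length=4):
    """Count the PINs of `length` digits that one glance at the grid cannot rule out.

    A PIN stays possible if the grid holds enough copies of each of its digits
    for them to sit in distinct cells.
    """
    have = Counter(d for row in grid for d in row)
    count = 0
    for candidate in product("0123456789", repeat=length):
        need = Counter(candidate)
        if all(have[d] >= n for d, n in need.items()):
            count += 1
    return count


if __name__ == "__main__":
    cells = [(0, 0), (1, 3), (2, 5), (4, 7)]  # constructed sample positions
    grid = build_grid("4821", cells)          # constructed sample PIN
    for row in grid:
        print(" ".join(row))
    print("owner reads:", read_pin(grid, cells))
    print("PINs still possible for an onlooker:", spellable_pins(grid))
```

With 40 random digits the count is normally at or near all 10,000 four-digit PINs, which is why one look over the shoulder reveals little; it says nothing about an observer who learns which cells you read.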