Lock-Key Password Manager
Password security is a fundamental aspect of IT and cybersecurity, and this project was developed to deepen my understanding of secure password storage, encryption techniques, and authentication mechanisms. While this tool serves as a learning experience, it is not intended for real-world use as a password manager. Below I go through my thought process and explain what function each line of code does.
1. Creating a Password Generator
In order to generate passwords, we must be able to grab any type of characters and . Import string is what allows us to have any type of characters in our password, whether it be numbers, letters, or special characters. Import random, randomly selects the characters for the password.
​
The function on line 4 creates a password based on the required length of the password and if special characters and/or numbers are required. ​
​
Line 9-13 serves to combine the characters based on the user preferences. In other words if numbers ​or special_characters are equal to True it will add those characters to the password.
​
Lines 15-18 is the logic behind the generation of passwords; pwd stores the generated password, meets_critieria makes sure that the required conditions have been met, has_number/has_special checks if the passsword contains at least one number and special character. All are set to false to prevent returning an invalid password.
​
Lines 20-35 generates the password for the user. The while loop runs and adds characters until it meets the required length. (Lines 20-22) It then checks if the character is a number or a special character. (lines 24-27) Once that is done, the code will then check if the password meets every criteria. (lines 29-35)
​
The last 4 lines of code asks for user input in order to create a secure password that meets their standards. Once standards are met it will show the user a generated password based on their input.
​
2. Creating the Password Manager
After the password generator, I needed a place where I can store my passwords and keep them secure. The plan is to keep passwords secure using Fernet. Fernet is an encryption system from the cryptography module, which essentially allows you to encrypt or decrypt texts.
​
After importing the encryption module, I created a locked storage space to store all my passwords. With every lock a key is needed to open it, lines 6-10 create a key file needed for encryption and decryption. The lines are commented out because only one key is needed, if another key was created old passwords would be unreadable.
​
Lines 13-17 allows me to retrieve the secret key and use it to encrypt or decrypt any passwords I would want. The key is not stored in plain text but in binary, which is why the read mode is in "rb" (read-binary). Once I am done looking at my passwords, the file closes and the key is returned.
​
​
3. Combining both to create LockKey Passwords
After creating both the password generator and manager it is time to combine both codes together. To make the code more cohesive when combined, a few lines of code were added to make it run smoothly and more secure.
​
The first change to notice is that I added one more tool to the code on line 4. Import os helps the code read and write files on the computer, which will be important when creating passwords and saving them in a seperate file.
​
The second change the addition of the master password and the authentication process in lines 17 - 45.
​
Lines 19 - 31 asks the user for the master password and once the master password is entered it will grant the user access to their passwords however, all the passwords will be encrypted.
​
Lines 33 - 45 asks the user for the master password one more time to decrypt the passwords this was done for added security.
​
In both cases, the user will have 3 attempts to enter the master password before getting locked out.
​
4. Viewing and Adding passwords
The code seen on the right is very similar to the code shown on slide 2. The only changes that were added was the encryption and decryption process.
​
The view function (lines 47 - 69) starts off by opening a text file where all your passwords will be stored. It then removes any extra spaces from the end of the line using line.rstrip(). Then the code splits each line into the account username and the encrypted password associated with it. After showing the username and encrypted password, it will ask the user if they would want to decrypt the password using fer.decrypt() asking for the master password.
​
To add passwords to the passwords.txt file refer to lines 71 - 86. The program is based on user input (lines 73 -75) . After asking what kind of password the user would want, it will then generate a password following the guidelines the user inputted. The program will then encrypt the password so no one else can see it, then store it in passwords.txt (lines 77 - 86).
The process of viewing and adding passwords wouldn't be able to work with the password generator function (line 88 - 113). If you look closely, this function is the same as the one shown in the first slide.
​
To reiterate, this function works by creating a random password using a random combination of letters, numbers, and symbols. The function will continue adding random letters, numbers, and/or symbols until the password meets the rules the user created.
​
After combining the password manager with the password generator, I shifted my focus on the main program (lines 116 - 129). The main program starts by asking for the master password, once inputted it will ask the user if they would like to view or add any passwords.
​
Depending on the user input, the user can view their encypted password with their associated usernames or add new passwords if they would like. To quit the program, it is as simple as typing in "q" and the program will exit.