Ijraset Journal For Research in Applied Science and Engineering Technology
Authors: Jasleen Kaur, Kirti, Dharmesh Gidwani
DOI Link: https://doi.org/10.22214/ijraset.2024.65164
In today's digital age, keeping passwords safe and manageable is a continual challenge because there are so many credentials to maintain across platforms. The user-focused Password Manager system presented in this study makes it simpler to save, retrieve, and handle passwords while retaining a high degree of security. By integrating a React-based front end with a Node.js and Express backend, the proposed solution allows users to securely keep and access their login credentials. The system uses token-based authentication to ensure that each user's information is kept secure and that only they may access it. Features like encoding, edit/delete options, copy-to-clipboard functionality, and password visibility switching further enhance the user experience. The backend connects to a MongoDB database for persistent credential storage, and authentication middleware secures all actions (save, modify, and delete). Future improvements may include cloud synchronization, multi-factor authentication (MFA), and AI-driven password generation tools to increase accessibility across devices. In an increasingly complex digital environment, this password manager aims to promote secure password management, reduce user cognitive load, and enhance security.
I. INTRODUCTION
People use many different websites in the modern digital era, and each one requires its own set of security credentials. Managing a large number of passwords is challenging and often leads to poor password practices, including password reuse, which increases a system's susceptibility to attacks. A secure and user-friendly password manager addresses these problems by storing users' encrypted login information so that they only need to recall a master password or securely authenticate. This project presents a Password Manager system built with the MERN (MongoDB, Express, React, and Node.js) stack, with a focus on secure storage, ease of use, and exclusive access for users via authentication tokens. The primary objective of this system is to provide users with a seamless experience while prioritizing security when saving, retrieving, and managing their credentials.
Features include token-based authentication (JWT) to ensure that only authorized users can access stored data, password visibility toggling, password encryption, and CRUD (Create, Read, Update, Delete) operations on saved credentials. Using the MERN stack, this password manager combines speed and adaptability to provide a responsive and easily scaled solution.
With future plans to incorporate biometric authentication, multi-device synchronization, and AI-powered password creation, the Password Manager aims to address the evolving security concerns of today's digital world.
A. Hardware Specifications
B. Software Specifications
C. Backend
D. Problem Overview
In today's connected world, most people have several online accounts that require complex, strong passwords. Keeping track of these passwords by hand raises several issues:
1) Ineffective Password Procedures
Password Reuse: Many people use the same password for many accounts to save the time and effort of memorizing multiple login credentials. However, reuse enables credential stuffing attacks, in which the breach of a single account puts several other accounts at risk.
Simple Passwords: Users usually create weak passwords (such as "123456" or "password") to make them simpler to remember. Dictionary or brute-force attacks can easily break these passwords.
Unchanged Passwords: Individuals are more exposed over the long term in the case of a data breach because they seldom update their passwords.
2) Weaknesses in Security
Insecure Storage Practices: If users keep their passwords in text files, spreadsheets, or notebooks, they may accidentally reveal them.
Phishing attacks: Without an appropriate password manager, users could inadvertently enter their login information into phony websites, making them vulnerable to phishing attacks.
3) Complexity of Access and User Dissatisfaction
Too Many Credentials to Maintain: When a person has accounts on several websites, it can be difficult to remember or keep track of all their passwords.
Frequent Password Resets: Because people forget their passwords so easily, they have to reset them on a regular basis. This process can be time-consuming and tedious.
4) Current Solutions and Their Drawbacks
Password Managers with a Membership Model: Some password managers discourage a wider audience from using them by charging for all services, including cross-platform synchronization.
Usability Problems: Many password management applications are hard for non-technical users to understand.
5) Risks of Unauthorized Access and Data Privacy
Multi-User Devices: Users who share computers with relatives or colleagues risk having their saved credentials viewed by unauthorized persons if proper session management and user isolation procedures are not in place.
Inadequate Session Management: Without robust token-based authentication, data leakage might happen if cached credentials remain accessible after a session timeout or logout.
6) Objectives
Safe Data Storage: Store all Bcrypt-encrypted passwords in MongoDB to ensure data security.
User Authentication: Use JWT-based authentication to ensure that each user only has access to their personal data.
Create separate user sessions to prevent unauthorized access to other users' login information.
CRUD Functions: For adding, editing, viewing, and removing credentials, provide a seamless user experience.
Make sure that password visibility can be toggled and that copy-to-clipboard functionality is enabled.
User-Friendly Interface: Utilize Tailwind CSS for adaptive layouts and React.js to build an intuitive front end.
Provide toast alerts to users to inform them of accomplishments or errors.
Real-Time API Integration: Manage interactions between the front end and the back end seamlessly using Axios.
Use Express routes to get, edit, and delete user data.
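The JWT authentication and user-isolation objectives above, shown as an added example that is not the paper's code: an HS256 token check using only Node's built-in `crypto`, an Express-style middleware, and an owner-scoped delete. The secret, the `vault` array standing in for the MongoDB collection, and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
// Assumption: constructed demo secret; a real server loads it from configuration.
const SECRET = 'constructed-demo-secret';
const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue a token carrying the user id (sub) and an expiry (exp, seconds since epoch).
function signToken(userId, ttlSeconds, now = Date.now()) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ sub: userId, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${head}.${body}.` + hmac(`${head}.${body}`).toString('base64url');
}

// Return the payload, or null if the token is malformed, forged, wrong-alg or expired.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const given = Buffer.from(sig, 'base64url');
  const expected = hmac(`${head}.${body}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url').toString()).alg !== 'HS256') return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (typeof payload.sub !== 'string' || !(payload.exp > now / 1000)) return null;
    return payload;
  } catch { return null; }
}

// Express-style middleware: save, modify and delete routes all sit behind it.
function requireAuth(req, res, next) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  const payload = m && verifyToken(m[1]);
  if (!payload) return res.status(401).json({ error: 'unauthorized' });
  req.userId = payload.sub; // identity comes from the token, never from the request body
  next();
}

// In-memory stand-in for the MongoDB collection (constructed sample data).
const vault = [
  { id: 1, owner: 'alice', site: 'mail.example' },
  { id: 2, owner: 'bob', site: 'bank.example' },
];

// Delete only when the record belongs to the authenticated user.
function deleteCredential(userId, id) {
  const i = vault.findIndex((c) => c.id === id && c.owner === userId);
  if (i === -1) return false; // not found, or owned by another user
  vault.splice(i, 1);
  return true;
}
```

The expiry check is what bounds a session after logout or timeout, and the `owner` condition in the lookup is what keeps one user's token from touching another user's records.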
II. LITERATURE REVIEW
III. ALL RESULTS AND OUTPUTS
Copyright © 2024 Jasleen Kaur, Kirti, Dharmesh Gidwani. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Paper Id : IJRASET65164
Publish Date : 2024-11-11
ISSN : 2321-9653
Publisher Name : IJRASET