Poor Man's Password Vault


The idea of a simulated USB keyboard captured my imagination back when I first learned about the Yubikey. The web-based authentication service was never very compelling. But the idea of instantly typing a ridiculously long password is downright cool. It was so cool, I bought one that very day.

Unfortunately, the Linux-based Yubico tools didn't live up to my expectations. I was able to get a static password entered, but the tools felt half done and I felt like I was going to brick my $30 toy the next time a bug cropped up. Added to that, the device didn't quite fill a USB port and quickly stopped working correctly - the very light pressure from the touch sensor was often enough to disconnect the USB. Finally, after only a few months on my key chain the device died altogether.

Enter the Digispark. I learned that this tiny gem (an Arduino-compatible microprocessor) can emulate a USB keyboard. And it costs $9. That's nine bucks - lunch money! The Arduino IDE is intuitive and has extensive sample code. Here was the code for my "poor man's static password Yubikey."

#include "DigiKeyboard.h"

void setup() {
  pinMode(0, OUTPUT); //Convenient Voltage Source
  pinMode(1, OUTPUT); //Blinky LED
  pinMode(2, INPUT); //Button Input
  digitalWrite(0,HIGH); //Turn on the source
}

void loop() {
  DigiKeyboard.sendKeyStroke(0);
  digitalWrite(1, LOW); //Blink a few times
  DigiKeyboard.delay(250);
  digitalWrite(1, HIGH);
  DigiKeyboard.delay(250);
  digitalWrite(1, LOW);
  DigiKeyboard.delay(250);
  digitalWrite(1, HIGH);
  DigiKeyboard.delay(250);
  if(digitalRead(2)==HIGH){ //check multiple times to debounce
    if(digitalRead(2)==HIGH){
      if(digitalRead(2)==HIGH) DigiKeyboard.println("Some Really random password!");
    }
    digitalWrite(0,LOW); //Make sure we don't trigger twice
    DigiKeyboard.delay(2000);
    digitalWrite(0,HIGH);
  }
}

The program is dirt simple.  It spits out a string when the input goes high.  It looks a bit more complicated because I'm blinking an LED just for fun and adding a few lines to clear the input to prevent multiple triggers.  

I initially had a physical button soldered between 0 and 2 (pin 1 is connected to an LED and the switch I had was just wide enough to span between 0 and 2). I discovered I was triggering the text before I pushed the button. My skin was conductive enough to complete the circuit via the solder bumps. So I removed the physical button and added some generous solder bumps. It works just fine with no physical button.
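
Added example (not the author's code): the three digitalRead calls in the sketch run back to back, so a brief brush against the contacts can still type the password into whatever window has focus. One way to require a sustained touch is a sample-counting filter; the HoldTrigger name, the 5-sample threshold and the sample traces below are assumptions constructed for illustration, and the logic is kept hardware-independent so it can be checked off the device.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical helper, not part of DigiKeyboard. Fires once when the input has
// read HIGH for `needed` consecutive samples, then stays silent until the input
// has read LOW for the same number of samples (a clean release).
class HoldTrigger {
public:
    explicit HoldTrigger(uint8_t needed) : needed_(needed) {}

    // Feed one raw sample per polling interval. In the sketch this would be
    // update(digitalRead(2) == HIGH) with a short delay between calls (assumed).
    bool update(bool rawHigh) {
        if (rawHigh) {
            low_ = 0;
            if (high_ < needed_) ++high_;
            if (high_ == needed_ && armed_) {
                armed_ = false;  // do not type again while contact is held
                return true;
            }
        } else {
            high_ = 0;
            if (low_ < needed_) ++low_;
            if (low_ == needed_) armed_ = true;  // re-arm only after release
        }
        return false;
    }

private:
    uint8_t needed_;
    uint8_t high_ = 0, low_ = 0;
    bool armed_ = true;
};

// Count how many times a sample trace would have typed the password.
int countFires(const std::vector<bool>& trace, uint8_t needed) {
    HoldTrigger t(needed);
    int fires = 0;
    for (bool s : trace) fires += t.update(s) ? 1 : 0;
    return fires;
}

int main() {
    // Constructed traces: a 3-sample brush, then a held touch with one dropout.
    std::vector<bool> brush = {true, true, true, false, false, false};
    std::vector<bool> held = {true, true, true, true, true, true, false, true, true, true, true, true, true};
    std::printf("brush=%d held=%d\n", countFires(brush, 5), countFires(held, 5));
    return 0;
}
```

The brush produces no output and the held touch produces exactly one, even with a single dropped sample in the middle.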

 Obligatory Shot with a Quarter

To make it more robust in my pocket, I encased the whole thing in two-part epoxy. I was careful to leave the solder bumps exposed and of course the USB leads. A second layer of epoxy attached the solder braid for an attractive key ring.

It works and it cost $9. Add in some gently used solder braid and some 5-minute epoxy and you have a $10 password storage key.

Update: 

I didn't intend this to be a negative review of Yubikey, but it certainly read that way.  A few days after I wrote this article, Yubico contacted me and sent me a replacement key.  I didn't want to immediately retract what I said about the Yubikey, but thought I'd stick it on my key chain and see how the new one held up.  I'm happy to say the new key works great and has ever since I got it.  It's obviously been through a redesign and the thicker end stays in a USB port better.   Moreover, the software tools have come a long way and are about as professional as anything I have seen.  They worked equally well in Windows and Linux.

I'm experiencing none of the flakiness I mentioned before.  I have two static passwords programmed into it which is my preferred use case.  I easily update them every 30 days when my employer makes me change to a new impossible-to-remember password.  It even works through an OTG cable so I can update my stored credentials on my smart phone without typing all those special characters on a touch keyboard.  (My Digispark also works through the OTG cable but not everything does.) 

All in all, I'd say my new experience has been entirely positive and the price was right. Even at $25 I'd say the Yubikey is a nice cheap physical password vault.