Kurt Andro – April 17th 2014
A device that looks like a smartphone at first glance, but is actually just a password manager. A portable device running solely a functionally reduced operating system and a password manager. It would only require moderately powerful hardware (display, memory, processor) and should of course be fully encrypted.
It should (with one exception*) not contain any parts or interfaces that would allow external communication, i.e. no modem, SIM card holder, Ethernet, Wifi, Bluetooth, SD card holder, microphone, camera, etc., because password managers running on PCs or smartphones that are connected to the outside world, are (in my opinion) not secure enough to entrust them with important secrets such as passwords, PINS, etc.
* For (also encrypted) database backups, the device should have a memory card holder in which no standard cards (SD or similar) fit. A new card type (shape, size) should be created that can only be used for this device type and this application. This is to prevent these cards from (accidentally) being inserted into other devices and potentially losing data or being contaminated with malware. Two cards should be supplied with the device so that one can be stored alternately in a different location.
As the only application the password manager starts immediately after switching on with the query of the master password. Incorrect entries result in forced pauses, which become longer from one failed attempt to the next.
The manufacturer would have to guarantee to be able to supply replacements for this type of device and these memory cards for many years. Due to the very simple equipment such a device is probably relatively inexpensive to manufacture.
Pros: Hardly surpassable security. Comfortable and mobile to use. Cons: Passwords must be entered manually when using (e.g. in the browser). Automatic filling of form fields is of course not possible.
I think it would be great if the social purpose company Purism would build such a device and use a scaled down PureOS plus a free password manager for it.