Posts Tagged ‘password management’

Mortimer Password Manager, Redesigned (v1.2)

Mortimer, our multi-user, Rails-based password manager, has received a complete front-end redesign along with multiple bug fixes and security improvements. Here are some screenshots of the latest release:

[Screenshots: mortimer-login.png, mortimer-passwords.png]

Comparing this to the original application’s design, you’ll see huge improvements in usability and aesthetics. Many thanks to Devin Ikram for the novel design work and to Ashley Cross, Skottey Forden, and Tom Rosario for the solid, cross-browser, front-end implementation.

Enjoy this latest release of Mortimer. If you’d like to participate in Mortimer’s development, don’t hesitate to fork us on GitHub.


Mortimer: A Rails Password Manager

Today we release mortimer, our Rails-based password management application. The goal was to produce a secure, multi-user password vault providing basic user permissions and a simple interface. Here’s a screenshot from the current app:

[Screenshot: mortimer.png]

Public-key Cryptography

mortimer secures passwords using public-key cryptography. Each user on the system has a unique key pair. When you create a password entry, mortimer stores a uniquely encrypted version of that password entry for each user with access to that password. This ensures that any time a password changes, all users have access to the change, with no compromise in security. And since all private keys are symmetrically encrypted with the user’s password, even a compromised database is fairly useless.
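The scheme described above, sketched with Ruby's standard OpenSSL library as an added example (this is not mortimer's own code). The class and method names, RSA-2048 with OAEP padding, and AES-256-CBC for the passphrase-protected private key are all assumptions; the post does not say which algorithms mortimer uses.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Hypothetical model of a vault user (assumed names, not mortimer's schema).
class VaultUser
  attr_reader :name, :public_pem, :private_pem_encrypted
  def initialize(name, login_password)
    key = OpenSSL::PKey::RSA.new(2048)
    @name = name
    @public_pem = key.public_key.to_pem
    # Only the passphrase-encrypted private key is ever stored.
    @private_pem_encrypted = key.to_pem(OpenSSL::Cipher.new("aes-256-cbc"), login_password)
  end

  # Raises OpenSSL::PKey::PKeyError when the password is wrong.
  def unlock(login_password)
    OpenSSL::PKey::RSA.new(@private_pem_encrypted, login_password)
  end
end

# One password entry, stored as one ciphertext per user with access.
class VaultEntry
  attr_reader :copies

  def initialize(users)
    @users, @copies = users, {}
  end

  # Called on create and on every change: re-encrypt for each user.
  def write(secret)
    @copies = @users.to_h do |u|
      [u.name, OpenSSL::PKey::RSA.new(u.public_pem).public_encrypt(secret, OAEP)]
    end
  end

  def read(user, login_password)
    blob = @copies.fetch(user.name) # KeyError: this user has no access
    user.unlock(login_password).private_decrypt(blob, OAEP)
  end
end

# True when a guessed password fails to decrypt the stored private key.
def wrong_password_rejected?(user, guess)
  user.unlock(guess)
  false
rescue OpenSSL::PKey::PKeyError
  true
end
```

Encrypting the entry directly with RSA-OAEP limits it to about 214 bytes for a 2048-bit key; longer entries would need a hybrid scheme that wraps a symmetric key per user.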

Precautions

Many would still argue that “web application” and “password manager” are mutually exclusive terms. It depends. We recommend, at minimum, the following:

  • Do not expose mortimer to the public internet.
  • Run it over SSL (this is, in fact, required).
  • Use strong passwords, and limit access to the production environment.

A work in progress

mortimer should be considered alpha as it will remain under active development. Expect improvements to the UI, along with security tweaks and cross-browser compatibility. Let us know if you find it useful.

Contributions are welcome. Clone or fork us on GitHub.
