Main Content

snopf USB password token

snopf is a very simple, yet effective and easy to use USB password tool. The snopf USB device creates a unique and strong password for every service from the same 128 bit secret which never leaves the token.

Whenever snopf is plugged into the computer you can make a password request and then the red LED will light up. If you press the button within 10 seconds snopf will imitate a keyboard and type the password for the requested service.

snopf is designed as a hardware-based password generator to tackle the security issues most commonly encountered with stored passwords on ordinary PCs, such as reading of password files by malware or browser exploits. It generates passwords deterministically from a securely kept master secret unaccessible to software running on the host.

For more details on security and how it works, see the section Security considerations and Operation principle below. Instructions on how to build your own are found in the section Hardware and Building the Firmware and Host Software. A short manual on how to use snopf after you installed the software is found in How to use it.

Advantages of snopf
Very simple and robust design
Easy to use
You don’t have to remember any passwords anymore (except preferably a master PIN for snopf)
Every password is unique and as strong as the accessed service allows
The actual password creation is only happening on the USB device
It is possible to restore all passwords from a 12 word mnemonic representing the 128 bit secret
It’s more secure than a common pure software based password manager because the password creation is physically detached from the computer
As snopf emulates a regular keyboard, no passwords are stored in the clipboard
Advantage over Common Software Password Managers
Common software password managers are very good tools to create and manage strong passwords for all your logins. Still, there is a possibility of your computer being remotely attacked and an attacker is able to access your password database getting all your login credentials. snopf is an improvement over these managers because an attacker can’t access your snopf token remotely. All passwords are derived from the secret on the device which an attacker must have phyiscal access to. So there is an additional physical barrier for an attacker.”

Link to article