In the era of active digital engagement, safeguarding our digital identities has never been more critical. To make this more manageable, we came up with a solution.
Introducing BitSafe, an advanced and comprehensive password management solution crafted to elevate the standards of password security. BitSafe is a comprehensive browser extension that allows users to take control of their online security with seamless password management. With a focus on security and user convenience, BitSafe offers various features that provide users with a robust and intuitive solution for protecting their passwords online. It simplifies password handling across browsers and devices, safeguarding credentials from compromise and enhancing digital well-being.
- Installation
- Dependencies
- Run-locally
- Tech Stack
- Features
- Screenshots
- HaveIBeenPwned API
- Authors
- FAQ
Before you can start using this project, you need to set up your environment. Follow these steps for installation and configuration:
Install Python:
If you don't already have Python installed on your system, you can download it from the official Python website:
Please choose the appropriate version (recommended: Python 3.12.0) for your operating system.
Install Project Dependencies:
- Open your terminal or command prompt.
- Navigate to the project directory using the `cd` command.
- Run the following command to install the required Python libraries from the provided `requirements.txt` file:

```bash
pip install -r requirements.txt
```
Set Up the Database:
Run the following commands to apply migrations and create the database:
```bash
python manage.py makemigrations
python manage.py migrate
```
Run the Development Server:
Start the Django development server using the following command:
```bash
python manage.py runserver
```
Visit http://127.0.0.1:8000/ in your web browser to access the extension locally.
Browser Extension Installation:
Load the extension in your browser by following these steps:
1. Open your browser and navigate to the extensions or add-ons page.
2. Enable developer mode.
3. Choose to load an unpacked extension.
4. Select the extension folder within your project directory.
Set Up settings.py:
1. Navigate to the backend/BitSafe/ directory.
2. Use a text editor to open the settings.py file.
3. Scroll down to locate the CSRF_TRUSTED_ORIGINS setting. It's typically around line 75.
4. Launch Google Chrome and navigate to the "Extensions" page. You can do this by typing chrome://extensions/ in the address bar and pressing Enter.
5. Locate the extension ID of the BitSafe extension.
6. Add the Chrome extension ID to the CSRF_TRUSTED_ORIGINS list as per the format in the comment there.
Now, the extension is ready for use. Customize the settings and enjoy a secure password management experience!
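The `CSRF_TRUSTED_ORIGINS` step above decides which origins may send state-changing requests to the backend, so a mistyped or wildcard entry either breaks the extension or widens CSRF trust. The following is an added example, not code from the BitSafe repository: it builds the entry from an extension ID and audits an existing list. The `chrome-extension://<id>` format, the helper names and the sample ID are assumptions, since the comment in `settings.py` is not shown on this page.

```python
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
CHROME_ID = re.compile(r"[a-p]{32}")

# Constructed sample ID; use the one shown on chrome://extensions/.
SAMPLE_EXTENSION_ID = "abcdefghijklmnopabcdefghijklmnop"


def extension_origin(extension_id):
    """Build the origin string for one extension, rejecting malformed IDs."""
    candidate = extension_id.strip()
    if not CHROME_ID.fullmatch(candidate):
        raise ValueError(f"not a Chrome extension ID: {extension_id!r}")
    # Assumed format: scheme plus ID, no path and no trailing slash.
    return f"chrome-extension://{candidate}"


def audit_trusted_origins(origins):
    """Return (origin, problem) pairs for entries that need review."""
    findings = []
    for origin in origins:
        scheme, sep, host = origin.partition("://")
        if not sep:
            findings.append((origin, "missing scheme"))
        elif "*" in host:
            findings.append((origin, "wildcard host"))
        elif scheme == "chrome-extension" and not CHROME_ID.fullmatch(host):
            findings.append((origin, "malformed extension ID"))
    return findings


# What the settings.py entry would look like with the sample ID.
CSRF_TRUSTED_ORIGINS = [extension_origin(SAMPLE_EXTENSION_ID)]
```

Running `audit_trusted_origins(CSRF_TRUSTED_ORIGINS)` after editing `settings.py` should return an empty list; any finding points at an entry that will either never match the browser's `Origin` header or trust more than the one extension.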
Clone the project
```bash
git clone https://github.com/MDGSpace-SoC-2023/cyber-sentinels.git
```
Go to the project directory
```bash
cd cyber-sentinels/backend
```
Start the server
```bash
python manage.py runserver
```
Navigate to http://127.0.0.1:8000/.
After cloning the repository, follow these steps to set up the browser extension:
1. Open your browser and navigate to the "Manage Extensions" page.
2. Turn on developer mode.
3. Load the unpacked extension:
a. Navigate to the "extension" folder in the cloned repository, which contains the `manifest.json` file.
b. Select the "extension" folder and load it as an unpacked extension.
Now, you can start working with the extension.
Client: HTML, CSS, JavaScript
Server: Python, Django
API: Have I Been Pwned?
Allows the synchronization of chosen passwords across devices. Users can decide which passwords to sync across devices.
Access to our password generator that creates unique passwords, enabling users to set stronger passwords for their accounts.
Notifies users when their passwords become outdated, with reminders scheduled every 90 days for optimal security maintenance.
Conducts password health checks, identifying weak passwords and giving users insight into the security posture of their credentials.
Provides insights into password usage, enabling users to track the frequency and usage patterns of their passwords across various websites. This helps users prioritize password updates and enhance overall security.
Scans the dark web for any signs of compromised passwords. If any are found, the corresponding username is promptly displayed to the user, allowing them to take immediate action to update the password.
Simplifies the login process by automatically populating login credentials on websites, easing the user experience and saving time.
This section provides information on how to use the Have I Been Pwned API to check if a password has been compromised in a data breach.
GET /api/${id}
`id` is the first 5 characters of the SHA-1 hash of your password.
Parameter | Type | Description |
---|---|---|
`id` | `string` | Required. First 5 characters of SHA-1 hash of the password |
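```javascript
const axios = require('axios');
const crypto = require('crypto');

const apiUrl = 'https://api.pwnedpasswords.com/range';

// Check password exposure using k-Anonymity: only the first 5 characters
// of the SHA-1 hash are sent; the remainder is compared locally.
async function checkPasswordExposure(password) {
  const sha1Hash = crypto.createHash('sha1').update(password).digest('hex').toUpperCase();
  const prefix = sha1Hash.substring(0, 5);
  const suffix = sha1Hash.substring(5);

  try {
    const response = await axios.get(`${apiUrl}/${prefix}`);
    // Each response line has the form "<hash suffix>:<breach count>".
    for (const line of response.data.split(/\r?\n/)) {
      const [breachedSuffix, count] = line.trim().split(':');
      if (breachedSuffix === suffix) {
        console.log(`Password found in breaches, count: ${count}`);
        return Number(count);
      }
    }
    console.log('Password not found in known breaches');
    return 0;
  } catch (error) {
    // error.response is undefined when the request never reached the server
    console.error(error.response ? error.response.data : error.message);
    return null;
  }
}

// Example usage
const userPassword = 'test@123';
checkPasswordExposure(userPassword);
```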
Our virtual vault would make Fort Knox envious!
The only password you'll need is 'Password123' - Just kidding! You have one account password. We take care of the rest.
Creating a strong password is essential for protecting your accounts. It should be at least 8 characters long, include a combination of letters, numbers, and special characters, and avoid using easily guessable information like your name or birthdate. You can use our Password Generator to get some unique and strong passwords.
It is not recommended to use the same password for multiple accounts. If one account is compromised, it could put all of your other accounts at risk. We encourage you to use unique passwords for each of your accounts.
If you forget your password, you can click on the 'Forgot Password' link on the login page. You will be prompted to enter your email address, and we will send you instructions on how to reset your password.