I’ve run into a problem a few times recently, which is that having done all the right things with passwords i.e. using a password manager and having them be unique strings of basically random garbage, I now need to enter them in somewhere I haven’t got my password manager running on. I’m typically sitting in a meeting room wanting to demo something on the shared computer, and I’ve got my phone which is authenticated to the password manager. Currently, this takes an extended period of time of manually copying over the login while my internal monologue is wondering why I set this password, what the heck is that symbol, and why don’t I just change it to something simpler I can type more easily next time?
Companionate is intended to bridge that gap. It’s a Single Page App (using hand-crafted navigation as quite frankly it was easier) that lets you enter the login on your phone (or other portable device), have it display a QR code with the information in, and then load the same website on the shared machine and have it read in the QR-encoded login.
On the other hand
- This encourages the continued use of strong passwords
- Copying the password direct to the clipboard avoids the problem of colleagues accidentally finding out your password while you’re copying it over (less of a problem if it’s just random noise, but useful if it’s still a weak one)
- The QR code data isn’t encrypted in any way, but should be reasonably secure from random glances in a room v.s. actual text
If you’re feeling paranoid, feel free to run your own copy (if you’re really paranoid, what are you doing copying passwords onto a machine you haven’t audited down to the silicon yourself!), but I feel it’s a reasonable point at the security/usability trade-off. There are other things that could be done to make it better e.g. make the QR-codes one-time logins or integrate into a password manager, but that would require further backend integration, whereas this works with all services out of the box.