DontSpoof Vault: User Documentation
DontSpoof Vault is a secure, lightweight password manager that encrypts your data locally on your device. This documentation will help you understand the extension’s functionalities, including how to securely save, share, and manage passwords, and how to ensure your data remains private.
Features Overview
- Secure Data Storage: AES-GCM encryption with PBKDF2 key derivation.
- Password Management: Save, view, edit, copy, and delete credentials.
- Password Generator: Generate secure passwords with customizable options.
- Data Sharing: Securely share encrypted passwords with recipients.
- Backup and Restore: Backup your encrypted data and restore it later.
- Session Management: Automatic session timeout and manual logout functionality.
Setup and Configuration
Installing the Extension
- Download DontSpoof Vault from the Chrome Web Store or your preferred Chromium-based browser’s extension marketplace.
- Once installed, the extension’s icon will appear in your browser toolbar.
Setting Up Your Account
- Click the DontSpoof Vault icon in your browser toolbar.
- On the setup screen:
- Enter a Master Password (minimum 8 characters).
- Enter a Passphrase (minimum 4 characters) for backup and recovery.
- A User ID will be automatically generated.
- Click Set Master Password to complete the setup.
Important: Do not forget your Master Password or Passphrase. Losing these credentials will make your data permanently inaccessible.
Using DontSpoof Vault
Saving and Managing Passwords
Saving Passwords:
- Navigate to the Vault tab.
- Enter:
- Site Name: e.g., example.com.
- Username: Your account username.
- Password: Enter your custom password or generate one using the Password Generator.
- Click Save Password to store it securely.
Managing Passwords:
- View saved passwords in the Vault tab.
- Use the Search bar to find credentials by site name or username.
- Copy: Click the copy button to securely copy usernames or passwords to the clipboard.
- Clipboard contents are automatically cleared after 30 seconds.
- Delete: Click the delete icon to remove a saved credential.
Password Generator
- Navigate to the Password Generator tab.
- Customize the password settings:
- Length: Set the desired length (minimum 8 characters).
- Character Sets: Enable or disable uppercase, lowercase, numbers, and special characters.
- Click Generate Password.
- Copy the generated password for immediate use.
Sharing and Importing Passwords
Sharing a Password:
- Go to the Share Password tab.
- Select the credential you want to share.
- Enter:
- Recipient User ID: The unique ID of the recipient.
- Passphrase: A secret phrase for encryption.
- Click Generate Shareable Message.
- Copy the encrypted message and share it securely with the recipient.
Importing a Shared Password:
- Go to the Import Shared Password tab.
- Paste the encrypted message you received.
- Enter the Passphrase provided by the sender.
- Click Decrypt and Import to add the password to your vault.
Data Backup and Recovery
Backing Up Data
- Go to the Settings tab.
- Enter your Master Password and click Backup Data.
- Save the .dsvault file to a secure location.
Restoring Data
- Go to Settings > Import Data.
- Upload the .dsvault file.
- Enter the associated Passphrase and click Import to restore your data.
Note: The backup file is encrypted and can only be restored using the Passphrase.
Testing Your Setup
Testing Encryption
- Open your browser’s developer tools (Right-click > Inspect > Console).
- chrome.storage.local.get([‘encryptedCredentials’], console.log);
- Verify that your saved passwords appear as encrypted strings.
chrome.storage.local.get(['encryptedCredentials'], console.log);
Testing Session Management
- Log in to your vault and let it idle.
- Confirm that the session logs out automatically after 30 minutes of inactivity.
- If sessions don’t log out as expected, manually log out and report the issue via the Bug Report button in the Settings tab.
Session Management
- Auto Logout: Sessions automatically expire after 15 Sec of inactivity.
- Manual Logout: Use the Logout button in the Vault tab to log out manually.
Important: Always log out manually after using the vault, especially on shared or public devices.
Troubleshooting
Forgot Master Password or Passphrase
- If you lose both, your data cannot be recovered.
- If you remember your Passphrase, you can create a new account and restore data from a backup.
Clipboard Issues
- If clipboard content doesn’t clear automatically, clear it manually to protect sensitive data.
Import Errors
- Ensure the backup file and Passphrase match.
Important Notes
- Do Not Forget Credentials:
- Losing your Master Password or Passphrase will result in permanent data loss.
- Always store your Passphrase securely.
- Backup Regularly:
- Create backups frequently and store them in a safe location.
- Protect Your Device:
- Your data is only as secure as your device. Use antivirus software and avoid unauthorized access.
- Report Issues:
Use the Bug Report button in the Settings tab to report any problems.