passguard

🔐 PassGuard

Enterprise-grade password manager with military-grade encryption and zero-knowledge architecture.

✨ Features

🔒 Military-Grade Security

AES-256-GCM encryption for vault data
Argon2id key derivation (OWASP recommended)
RSA-4096 for secure vault sharing
Zero-knowledge architecture - your master password never leaves your device
Auto-lock on inactivity and USB drive removal

🛡️ Security Auditing

Password strength analyzer with real-time feedback
Breach detection via Have I Been Pwned API (k-anonymity)
Security audit reports (PDF export)
Detects weak, reused, and similar passwords
Personal information exposure detection

🌐 Browser Integration

Chrome/Edge extension for one-click autofill
Secure local API with token authentication
Works offline - no cloud dependency

📤 Vault Management

Secure export/import with RSA encryption
Multiple vaults with custom labels
Digital signatures for authenticity verification
Cross-device vault sharing

🎨 Modern UI

Dark mode interface with CustomTkinter
Real-time password strength visualization
Hold-to-reveal password protection
Auto-clearing clipboard (15s timeout)
System tray integration

🚀 Quick Start

Installation

Clone the repository:

git clone https://github.com/arjunjaincs/passguard
cd passguard

Install dependencies:
```
pip install -r requirements.txt
```
Run PassGuard:
```
python main.py
```

First-Time Setup

Create your first vault:
- Click “Create New Vault”
- Enter a vault name
- Create a strong master password (12+ characters recommended)
Add credentials:
- Click “Add Credential”
- Enter website, username, and password
- Use the password generator for strong passwords
Optional - Setup browser extension:
- Click “Browser Extension” button
- Copy the authentication token
- Load the extension in Chrome/Edge
- Paste the token in the extension popup

📋 Requirements

Python 3.8+
Windows/Linux/macOS
Dependencies: See requirements.txt

Core Dependencies

customtkinter - Modern UI framework
pycryptodome - AES encryption
argon2-cffi - Key derivation
cryptography - RSA encryption
requests - HIBP API integration
flask - Browser extension API

🔐 Security Architecture

Encryption Stack

Master Password
    ↓
Argon2id (3 iterations, 64MB memory)
    ↓
256-bit AES-GCM Key
    ↓
Encrypted Vault Data

Zero-Knowledge Design

Master password never stored anywhere
Vault encrypted locally before any storage
Browser extension uses one-time tokens
HIBP checks use k-anonymity (only 5 chars of hash sent)

Auto-Lock Protection

Locks after 3 minutes of inactivity
Locks when USB drive removed (if vault on USB)
Clears clipboard after 15 seconds
Suspends app after 4 failed unlock attempts

📖 Usage

Password Management

Add: Click “Add Credential” or press Ctrl+N
Edit: Click “Edit” button on any credential
Delete: Click “Delete” button (requires confirmation)
Copy: Click “Copy” to copy password (auto-clears in 15s)
Reveal: Hold the eye icon to temporarily reveal password

Security Audit

Click “Security Audit” button
Optionally provide personal info for PII detection
Review findings and recommendations
Export report as PDF

Breach Check

Click “Breach Check” button
Select check type (password-only or account)
For account checks, enter HIBP API key
Review results and update compromised passwords

Vault Export/Import

Export:

Click “Export Vault”
Choose backup (self) or share (other user)
For sharing, select recipient’s public key
Save the .pvgx file

Import:

Click “Import Vault”
Select .pvgx file
Optionally verify sender’s signature
Enter vault label

🌐 Browser Extension Setup

In PassGuard:
- Open vault
- Click “Browser Extension”
- Copy the authentication token
In Chrome/Edge:
- Go to chrome://extensions/
- Enable “Developer mode”
- Click “Load unpacked”
- Select browser_extension folder
Configure Extension:
- Click PassGuard extension icon
- Paste authentication token
- Click “Save Token”
- Status should turn green ✅
Use Autofill:
- Visit any login page
- Click “🔐 Fill with PassGuard” button
- Credentials auto-filled!

🛠️ Development

Project Structure

passguard/
├── main.py                 # Application entry point
├── core/
│   ├── crypto.py          # Encryption/decryption
│   ├── vault.py           # Vault management
│   ├── strength.py        # Password strength analysis
│   ├── security_audit.py  # Security auditing
│   ├── breach_check.py    # HIBP integration
│   ├── export_import.py   # RSA vault sharing
│   └── autofill_server.py # Browser extension API
├── ui/
│   ├── unlock_dialog.py   # Login screen
│   ├── main_window.py     # Main vault window
│   └── security_check_dialog.py  # Breach check UI
├── browser_extension/     # Chrome/Edge extension
└── assets/
    └── icon.ico          # Application icon

Building Executable

# Install PyInstaller
pip install pyinstaller

# Build (Windows)
pyinstaller --onefile --windowed --icon=assets/icon.ico main.py

# Output in dist/main.exe

🔒 Security Best Practices

Master Password

✅ Use 12+ characters
✅ Mix uppercase, lowercase, digits, symbols
✅ Avoid personal information
✅ Use a unique password (not used elsewhere)
❌ Never share your master password

Vault Management

✅ Regular security audits
✅ Update weak/breached passwords immediately
✅ Use unique passwords for each site
✅ Enable auto-lock features
✅ Store vault backups securely

Browser Extension

✅ Only use on trusted devices
✅ Regenerate token if compromised
✅ Lock vault when not in use

📄 License

MIT License - see LICENSE file for details.

🙏 Acknowledgments

Have I Been Pwned - Breach detection API
CustomTkinter - Modern UI framework
OWASP - Security guidelines

📧 Support

For issues, questions, or feature requests, please open an issue on GitHub.

PassGuard - Enterprise security, personal control. 🔐

This site is open source. Improve this page.