ScanPassNFC

Secure passwords are important. But entering a secure password on a touch screen is a poor experience. We built ScanPass and ScanPass Pro to make this easier, but recognize that some users would be concerned about the possibility of losing their unencrypted QR codes and carrying QR codes, even when encrypted, is cumbersome. ScanPassNFC allows users to securely store encrypted passwords on an NFC token, such as a key chain. While NFC tags may be an more convenient storage option, ScanPassNFC also supports encrypted QR codes too.

NFC tags used with ScanPassNFC should have at least 1K of storage. NFC tags are available from many sources including Amazon and BuyNfcTags.com.

NOTE! It has recently come to our attention that the Mifare 1K and 4K tags we’ve been using are incompatible with certain NFC chipsets. Avoid Mifare Classic chips if you’ve got one of the phones mentioned in this article.

ScanPassNFC now available on the app store.

To create ScanPassNFC bar codes, download the free Barcode Creator utility for Mac and Windows here.

Preparing ScanPassNFC for use

Install and launch the ScanPassNFC application. A new key pair will automatically be generated and saved in the ScanPassNFC key store.
Optionally, click the Options menu item and configure a Dropbox account to enable easy sharing of the self-signed certificate generated in the next step. This will primarily be useful if using encrypted QR codes. Click the Link with Dropbox preference and follow the Dropbox instructions in the resulting browser window.
Optionally, configure your device to use ScanPassNFC as an input method. Open the Settings app for you device. Browse to Language & Input. Under Keyboard & Input Methods select ScanPassNFC NFC Scanner and ScanPassNFC QR Scanner.

Saving a password to an NFC tag

Obtain a re-writeable NFC tag with at least 1k of storage space.
Launch ScanPassNFC and select the Write to NFC Tag menu item.
Type your password into the text box or click Scan password to scan your password from a QR code, such as may be displayed or printed by Barcode Creator. By default, the password will not be displayed in the text box. Click the Reveal password check box to display the password to enable manual confirmation of accurate entry.
Select which certificate to use when encrypting the password. In most cases, there will only be one certificate and it will be selected by default.
Click the Write to Tag button.
Hold your device next to your NFC tag until “Wrote message to pre-formatted tag” is displayed.
Exit the Write to Tag view by clicking the back arrow then try out your new tag.

Reading a password from an NFC tag

Login to your device.
Hold your device adjacent to your NFC tag. The device will vibrate when the password is read.
The ScanPassNFC application will launch and display indicate whether or not the read operation was successful. Upon success, the thumbprint of the certificate used to decrypt the password will be shown.
Paste the password from the clipboard to the application of choice.

Reading a password from an NFC tag via an Input Method

Login to your device.
Launch the application that accepts the password stored on your NFC tag. Typically, the application will be a password manager, such as 1Password.
Press and hold the space bar to display the input method selection dialog box. Choose ScanPassNFC NFC Scanner. An NFC logo will displayed.
Hold your device adjacent to your NFC tag. The device will vibrate when the password is read.
If the Auto-submit password option is enabled in the ScanPassNFC options, the password will be submitted to the application. Otherwise, it will be pasted into the text box for manual submission.

Configure Dropbox in the ScanPassNFC options as described above.
Configure Dropbox on the same system where Barcode Creator is used to enable access to certificates shared from your device.
Launch ScanPassNFC and open the Export Certificates menu item. Each certificate present in the key store will be written to the device’s SD card. If Dropbox support is enable, each certificate will also be written to Dropbox for easy access from a desktop or laptop system. Files will be named using the SHA1 thumbprint of the certificate (which is displayed in the Keystore view accessible via the Keystore menu item).

Launch ScanPassNFC on the device containing the key you wish to share with another device.
Open the Keystore menu item, select the key you wish to share then click the Share Key button. An NFC logo will be displayed.
Login to the device to receive the key (ScanPassNFC must already be installed but does not need to be open).
Hold the devices together back-to-back. The source device will display a Touch to beam message. Touch the screen to transfer the key to the receiving device. The device will vibrate when the transfer is complete.
The key store will be shown on the receiving device. Confirm the desired key is now present on both devices. You may now use NFC tags containing passwords encrypted for the shared key with either device.

Generating a QR Code for your device

Download the Barcode Creator application from http://www.redhoundsoftware.com/apps/smime/barcodegenerator.html.
If you wish to generate an encrypted QR code, obtain the certificate(s) for you device using Dropbox or from the SD card of the device. See the Sharing certificates via Dropbox or SD card section above to learn how to export certificates from your device for use with Barcode Creator.
Launch Barcode Creator.
If generating an encrypted QR code, click the Choose Certificate… button and navigate to the file containing the certificate for the device that will read the QR code. Click the Encrypt password check box. If generating a plaintext QR code, skip this step and make sure the Encrypt password checkbox is not checked.
Type your password into the Password box. If printing the QR code, optionally type a caption for your QR code.
Scan the QR code from your device, via the ScanPassNFC QR Scanner input method if desired.