Raz Karmi

Valt - Effortless security through visual memory

Valt is a visual approach to passwords. With Valt you get the security of locking your data behind a truly random master password without the hassle of having to memorize one.

Brent Heeringa
Hey PH! My name is Brent and I’m a professor-turned-founder working with a wonderful team on visual solutions to authentication. Our first product is a visual password manager called Valt. Many thanks to @razkarmi for hunting us! Valt generates a random master password for you but represents that password with a set of hand-curated, memorable images. We train you on the images using proven techniques from cognitive science and then embed your images in a sequence of grids. Selecting your images from the grids unlocks your Valt. After a few attempts, you'll find it's super fast! We automatically capture existing passwords in the browser, generate unique passwords for your new accounts and synchronize your information between devices. The encrypted payload uses AES-256 bit encryption and we augment your master password with 128 bits of entropy that only lives on your devices. We’ve been working on Valt for about 6 months and would love your feedback!
Chris Messina
@razkarmi @brentheeringa this reminds me of Vidoop...! If the user picks the images him or herself, doesn't that open them to some security risk, kind of like using your maiden name as your password reset? Or maybe you can explain what you mean by "hand-curated"?
Brent Heeringa
@razkarmi @chrismessina Valt chooses a random set of images from its hand-curated set. The key is that we use memorable photos and pair them with interesting text and training techniques inspired by cognitive science (see my response to @imrankk below) to essentially burn them into your mind. You get all the security of a random password and all the memorability of human evolution.
Brent Heeringa
@chrismessina I'd love for you to go through the onboarding / training process and give us some feedback!
Chris Messina
@brentheeringa cool, WTAL!
Abadesi
Wow what an innovative approach to security, great to see this here @brentheeringa. Is this still hackable?
Brent Heeringa
@abadesi We've worked hard to balance user experience with security while keeping in mind appropriate threat models. The short answer to your question is it's pretty damn secure! Here's the long answer: we use AES-256 bit encryption and PBKDF2 for our key stretching. The default password is chosen uniformly at random from 455**3= ~94M choices. This yields about 27 bits of entropy. That's not a lot on its own, but we augment each password with 128 bits of entropy (this is called the Valt Secret) and store the secret on each authorized device. This means that even if your encrypted payload were compromised, it would take a *significant* amount of time to decrypt using state-of-the-art tech. We store the Valt Secret in the Keychain and we do the same with the key resulting from mixing your password with your Valt Secret. Even if your phone were to be stolen, a hacker would have to (1) unlock the phone - remember how hard it was for the FBI to do this? (2) hack the Keychain, and (3) finally execute a brute force attack on your password space. In the future we'll add more grids so even the most paranoid people can have upwards of 50-60 bits of entropy in the password alone.
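
The arithmetic and key stretching described in the comment above, as an added example that is not part of the original post and is not Valt's code. The PBKDF2 iteration count, the salt, the concatenation of password and secret, and both guess rates are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets

GRIDS, CHOICES_PER_GRID = 3, 455   # from the comment: 455**3 master passwords
SECRET_BITS = 128                  # from the comment: per-device "Valt Secret"
PBKDF2_ITERATIONS = 100_000        # assumption: the comment gives no count
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def password_bits(grids=GRIDS, choices=CHOICES_PER_GRID):
    """Entropy of one uniformly random image pick per grid."""
    return grids * math.log2(choices)


def random_selection(grids=GRIDS, choices=CHOICES_PER_GRID):
    """Pick the image indices with a CSPRNG, never with random.random()."""
    return [secrets.randbelow(choices) for _ in range(grids)]


def derive_key(selection, device_secret, salt, iterations=PBKDF2_ITERATIONS):
    """Stretch selection + device secret into a 32-byte AES-256 key.

    Assumption: the two inputs are simply concatenated before PBKDF2.
    """
    password = b"".join(index.to_bytes(2, "big") for index in selection)
    return hashlib.pbkdf2_hmac("sha256", password + device_secret, salt,
                               iterations, dklen=32)


def expected_years(bits, guesses_per_second):
    """Average time to search half of a 2**bits space."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    secret, salt = secrets.token_bytes(SECRET_BITS // 8), secrets.token_bytes(16)
    key = derive_key(random_selection(), secret, salt)
    print(f"derived {len(key) * 8}-bit key")
    print(f"image password alone: {password_bits():.1f} bits")
    # Payload stolen, device secret unknown: both search spaces multiply.
    print(f"payload only: {expected_years(password_bits() + SECRET_BITS, 1e12):.1e} years")
    # Device secret also exposed: only the image space is left. The 1e4
    # guesses/s rate is a constructed figure for a PBKDF2-limited search.
    hours = expected_years(password_bits(), 1e4) * SECONDS_PER_YEAR / 3600
    print(f"secret exposed: {hours:.1f} hours")
```

The gap between the two estimates is why the protection of the stored secret on the device matters as much as the encryption of the payload.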
Ben
Hey Brent, what makes Valt easier to use than other products in the space?
Brent Heeringa
@heliostatic There are 3 big ones:
1. The images. Because the grids are fixed, you eventually learn not only your images, but the patterns. I unlock my Valt in ~3 seconds every time. I never forget my master password and I don't have to type on a tiny screen.
2. Our device authorization process is really clean. Users register their Valt through email verification and then authorize new devices by approving them on already-authenticated devices. The authentication process is key because it allows us to securely pass along the Valt Secret, which is like a booster shot for your master password. It's all very fast and very seamless.
3. Our desktop experience is unobtrusive and natural. We use built-in notifications to alert you when we've captured a password. We never employ modal dialogs and we don't hand roll our own UI. Our browser plugins are lightweight and communicate with the desktop app using native communication channels, which also provides another layer of security.
Ben
@brentheeringa Very cool. It's a beautiful app!
Ben

I've been a 1Password user for a long time (2008!) and love it for my team password management. But it's gotten crowded with team, family, and personal passwords.

Valt has been a fantastic addition to my password management system—all my personal passwords are in the valt (ha) now, and it's been rock solid.

Pros:

Remembering photos is simple, and Valt makes it even easier to memorize your master password

Cons:

No Android app... yet!

Cole Townsend

I've been using the production version of Valt on my Mac and iPhone for about a month now. Its interface is clean and simple to use.

I'm excited for integrations to migrate existing password bases over!

The Mac application has a simple verification process through the iPhone app which I found really neat. Overall it's a great launch, and I'm excited to see the product mature.

It's not quite as well integrated into my flows as say "Google Passwords" but that's a matter of time and use. For the true security folks out there, this is more secure than a passphrase and easier to remember.

Pros:

Never forget your master password, much more secure

Cons:

Sometimes a bit tedious

Imran Khoja
Hey Brent, awesome product. I'm always forgetting passwords and the idea of storing all my passwords behind one mega-password seems scary. I was super skeptical of the images and whether I'd be able to remember my set but so far it's been great. Is there anything special about the particular images you use that makes this easier? If so, how did you choose the images?
Brent Heeringa
@imrankk We hand-curate the images with great care. Part of it was finding the right photographers---we use a lot of images from Ryan McGuire---and understanding that memorable photos are not necessarily beautiful or even interesting photos. We also pair the images with curated text during the training. We do this because of the so-called dual-encoding theory, which says information is stored along both a visual and a linguistic channel. Our images and our training process create a really robust memory. Of course, we also offer a simple and secure recovery code too. :)
Michael Bishop

Pros:

Fresh take on password storage

Brent Filson

Image encoding really works! I only had to train myself once and haven't had a problem logging in since.

Pros:

Insanely easy to use and log in.

Great sense of comfort knowing my master password can't be hacked.

Love the look and feel.

Cons:

Doesn't work on my PC yet. Hopefully soon?

Jonathan Pilovsky
Interesting concept but I don’t understand how this is easier than using Touch ID with 1Password?
Brent Heeringa
@jonnyballin Touch ID is a convenient method of authentication but it doesn't replace your master password. When your iPhone updates or reboots or even after a certain amount of downtime, you are always forced to type in your master password -- and it is during these situations where Valt shines because you won't struggle -- you'll just slide right in.
Jonathan Pilovsky
@brentheeringa I know my (secure) master pwd by heart and type it quickly?
Brent Heeringa
@jonnyballin Yeah, for sure! I totally understand---we're definitely not trying to convert you. Our goal is to create a clean and beautiful password solution that gives the average internet user a secure and effortless way to manage their passwords. Of course, we'd still love for you to give Valt a test drive and send us your feedback.
Krista Navin

I find this really helpful for websites that I log into so infrequently that I always end up changing my password each time I try to get in. Now it doesn't take me 20 minutes to log into my student loan or TurboTax!

Pros:

Really helpful and easy to use

Nick Neuman
Hey @brentheeringa, this is honestly one of the coolest products I've seen on PH in a while. I just downloaded and am definitely going to check it out. I enjoyed reading your Medium post on Recognition Memory. Are there any other pieces/studies/papers that I could check out to learn more about that?
Brent Heeringa
@nneuman Many thanks! You made my night. Shoot me an email at heeringa@valt.io and I'll send you a paper with references.
Alex Melehy

Super easy to remember a collection of photos rather than a set of passwords or even a master password. It was a bit unclear that I need to have the Mac app in order for the Chrome extension to work but the Valt team was super helpful and guided me through getting everything up and running. I'm sure they'll make the UX of downloading and hooking up all of the apps/extensions much better as time goes on. Great product!

Pros:

Selecting the right photos is almost muscle memory. Better than trying to remember a password.

Cons:

Unclear that you need to have the Mac app for the Chrome extension to work.

John J. Wall

Image-based password management completely changes the game; everything else is just more painful long passwords.

Pros:

A whole new way to manage passwords

Cons:

Moving off your old crummy solution