Launching today

Musikey
Tough musical authentication for accessibility
44 followers
Musical Authentication uses a musical key instead of a password for authentication

Musikey
@ghartrid Hi Graham. Congrats on your launch! What kinds of accessibility challenges does Musikey address that existing solutions miss?
Musikey
@kimberly_ross Thank you for your comment. Musikey will do its best to incorporate future accessibility features directly into the software. Stay tuned :)
Fascinating idea. It could do with a little more explanation and UI tweaks - I could generate compositions but couldn't work out if there were other things it should also be able to do.
Also I think the shown keyboard is an octave shorter than the range of the generated notes (low notes appeared on the indicator above the keyboard, but not on the keyboard itself).
Edit to add: Also this could be deployed directly as a web app for demo purposes (using browser storage instead of file storage), rather than getting people to download and install a git repo.
Musikey
@hex_miller_bakewell Thanks for the feedback — really appreciate you taking the time to try it out.
You're right that the app needs better explanation. MusiKey is actually a full authentication system, not just a music generator — the compositions it creates are cryptographic keys. Behind the scenes there's multi-factor authentication (challenge-response + TOTP), per-service ECDSA authentication (like a hardware security key but using your musical credential), visual fingerprint verification, encrypted credential storage with self-destruct on failed attempts, and a full audit log. But none of that is obvious from the UI right now. Adding an onboarding walkthrough and tooltips is at the top of the list.
Good catch on the keyboard — the generator uses a 4-octave range but the piano display only renders about 2 octaves. The notes are playing correctly, the visual just isn't showing them all. That's being fixed.
And yes, a web demo is planned. The core crypto (AES-256-GCM, ECDSA P-256) already uses Web Crypto API so it runs in the browser. The main work is swapping the Electron-specific parts — Argon2 needs a WASM build, file storage moves to IndexedDB, and the machine-binding degrades slightly. But for a demo that lets people experience the concept without cloning a repo, it's very doable and coming soon.
Thanks again for the thoughtful feedback.
Congrats on the launch! Shipping a desktop app with solid auth is no small feat. I saw the GitHub repo, what license are you planning to use (MIT, etc.)?
Musikey
@resetmerlin Thank you for your comment. Apache 2.0 license is most likely what I would use. :)
Musikey
Update on Feb 27, 2026: MusiKey turns music into cryptographic keys. Generate a unique composition, and it becomes your authentication credential — encrypted with cascaded KDF (PBKDF2 + Argon2id) and double AES-256-GCM. Features ECDSA P-256 challenge-response authentication for external services, multi-factor auth (musical challenge-response + TOTP), visual fingerprint verification, tamper-detected audit logging, and self-destructing credentials after failed attempts. Zero runtime dependencies — all crypto via platform APIs. Open source, fully local, nothing leaves your machine.
Musikey
MusiKey — Musical Entropy Authentication
MusiKey replaces passwords with music. Instead of memorizing strings of characters, you authenticate with a unique musical composition that doubles as a cryptographic key.
The problem: Passwords are weak, reused, and forgettable. Hardware tokens are expensive and losable. Biometrics can't be changed if compromised.
The solution: MusiKey generates a random musical composition tied to your passphrase. The composition itself becomes your cryptographic credential — something you can hear, recognize, and verify, but that carries 112+ bits of entropy. If compromised, just generate a new song.
What it does:
Generates unique musical compositions as authentication credentials
Encrypts them with cascaded KDF (PBKDF2 + Argon2id) and double AES-256-GCM
Acts as an authenticator for external services via ECDSA P-256 signed challenge-response (MusiKey Protocol) — a more secure alternative to TOTP codes
Supports multi-factor auth: musical challenge-response + time-based codes
Visual fingerprint lets you visually confirm your credential at a glance
Self-destructs after 5 failed attempts — no brute forcing
Full audit log with tamper detection
What it isn't: MusiKey isn't a password manager or a music app. It's a proof of concept that musical structure can carry enough entropy to be cryptographically useful, while being more human-recognizable than a random string.
All processing is local. Nothing leaves your machine. Zero runtime dependencies. Open source.
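
The ECDSA P-256 signed challenge-response listed above, shown with the Web Crypto API as an added example; it is not MusiKey's code and not the MusiKey Protocol wire format. The `Service` class, the `serviceId` plus nonce payload layout and the `*.example` names are assumptions made for illustration.

```javascript
// Added example: a generic ECDSA P-256 challenge-response, not MusiKey's own protocol.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };
const enc = new TextEncoder();

// Signed bytes bind the nonce to one service, so a signature is useless elsewhere.
// (Assumed layout: "<serviceId>\n<nonceHex>".)
const payload = (serviceId, nonceHex) => enc.encode(`${serviceId}\n${nonceHex}`);
const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Authenticator side: key pair whose private half is non-extractable.
async function enroll() {
  return webcrypto.subtle.generateKey(ALG, false, ["sign", "verify"]);
}
async function respond(privateKey, challenge) {
  return webcrypto.subtle.sign(SIG, privateKey, payload(challenge.serviceId, challenge.nonce));
}

// Service side: issues single-use nonces and verifies with the enrolled public key.
class Service {
  constructor(id, publicKey) { this.id = id; this.publicKey = publicKey; this.pending = new Set(); }
  challenge() {
    const nonce = toHex(webcrypto.getRandomValues(new Uint8Array(32)));
    this.pending.add(nonce);
    return { serviceId: this.id, nonce };
  }
  async verify(challenge, signature) {
    // Consume the nonce first: an unknown or already-used nonce fails immediately.
    if (!this.pending.delete(challenge.nonce)) return false;
    // Rebuild the payload from the service's own id, never from client-supplied fields.
    return webcrypto.subtle.verify(SIG, this.publicKey, signature, payload(this.id, challenge.nonce));
  }
}

async function demo() {
  const keys = await enroll();
  const bank = new Service("bank.example", keys.publicKey);   // constructed sample services
  const other = new Service("other.example", keys.publicKey);
  const c = bank.challenge();
  const sig = await respond(keys.privateKey, c);
  const accepted = await bank.verify(c, sig);
  const replayed = await bank.verify(c, sig);                 // same nonce presented twice
  other.pending.add(c.nonce);                                 // nonce matches, service id does not
  const crossService = await other.verify({ ...c, serviceId: other.id }, sig);
  return { accepted, replayed, crossService };
}
demo().then(console.log);
```
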