Valt

Effortless security through visual memory

Valt is a visual approach to passwords. With Valt you get the security of locking your data behind a truly random master password without the hassle of having to memorize one.


I've been a 1Password user for a long time (2008!) and love it for my team password management. But it's gotten crowded with team, family, and personal passwords.

Valt has been a fantastic addition to my password management system—all my personal passwords are in the valt (ha) now, and it's been rock solid.

Pros:

Remembering photos is simple, and Valt makes it even easier to memorize your master password

Cons:

No Android app... yet!

Hey PH! My name is Brent and I’m a professor-turned-founder working with a wonderful team on visual solutions to authentication. Our first product is a visual password manager called Valt. Many thanks to @razkarmi for hunting us! Valt generates a random master password for you but represents that password with a set of hand-curated, memorable images. We train you on the images using proven techniques from cognitive science and then embed your images in a sequence of grids. Selecting your images from the grids unlocks your Valt. After a few attempts, you'll find it's super fast! We automatically capture existing passwords in the browser, generate unique passwords for your new accounts and synchronize your information between devices. The encrypted payload uses AES-256 bit encryption and we augment your master password with 128 bits of entropy that only lives on your devices. We’ve been working on Valt for about 6 months and would love your feedback!
@razkarmi @brentheeringa this reminds me of Vidoop...! If the user picks the images him or herself, doesn't that open them up to some security risk, kind of like using your maiden name as your password reset? Or maybe you can explain what you mean by "hand-curated"?
@razkarmi @chrismessina Valt chooses a random set of images from its hand-curated set. The key is that we use memorable photos and pair them with interesting text and training techniques inspired by cognitive science (see my response to @imrankk below) to essentially burn them into your mind. You get all the security of a random password and all the memorability of human evolution.
@chrismessina I'd love for you to go through the onboarding / training process and give us some feedback!

I've been using the production version of Valt on my Mac and iPhone for about a month now. Its interface is clean and simple to use.

I'm excited for integrations to migrate existing password bases over!

The Mac application has a simple verification process through the iPhone app which I found really neat. Overall it's a great launch, and I'm excited to see the product mature.

It's not quite as well integrated into my flows as say "Google Passwords" but that's a matter of time and use. For the true security folks out there, this is more secure than a passphrase and easier to remember.

Pros:

Never forget your master password, much more secure

Cons:

Sometimes a bit tedious

Wow what an innovative approach to security, great to see this here @brentheeringa. Is this still hackable?
@abadesi We've worked hard to balance user experience with security while keeping in mind appropriate threat models. The short answer to your question is it's pretty damn secure! Here's the long answer: we use AES-256 bit encryption and PBKDF2 for our key stretching. The default password is chosen uniformly at random from 455**3 = ~94M choices. This yields about 27 bits of entropy. That's not a lot on its own, but we augment each password with 128 bits of entropy (this is called the Valt Secret) and store the secret on each authorized device. This means that even if your encrypted payload were compromised, it would take a *significant* amount of time to decrypt using state-of-the-art tech. We store the Valt Secret in the Keychain and we do the same with the key resulting from mixing your password with your Valt Secret. Even if your phone were to be stolen, a hacker would have to (1) unlock the phone - remember how hard it was for the FBI to do this? (2) hack the Keychain, and (3) finally execute a brute force attack on your password space. In the future we'll add more grids so even the most paranoid people can have upwards of 50-60 bits of entropy in the password alone.
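The arithmetic in the reply above, worked through as an added example that is not Valt's code and not part of the original thread. The page does not say how the image selection is combined with the Valt Secret, which salt is used, or how many PBKDF2 iterations run; the concatenation, the salt parameter and the 100,000 iterations below are assumptions, as are all function names.

```python
import hashlib
import math
import secrets

IMAGES_PER_GRID = 455        # from the reply: 455**3 possible passwords
GRIDS = 3
SECRET_BYTES = 16            # 128-bit device-held "Valt Secret"
PBKDF2_ITERATIONS = 100_000  # assumption: the page gives no iteration count


def password_entropy_bits(images_per_grid=IMAGES_PER_GRID, grids=GRIDS):
    """Entropy of one uniformly random image pick per grid."""
    return grids * math.log2(images_per_grid)


def grids_needed(target_bits, images_per_grid=IMAGES_PER_GRID):
    """Smallest number of grids whose picks reach target_bits of entropy."""
    return math.ceil(target_bits / math.log2(images_per_grid))


def random_selection(grids=GRIDS, images_per_grid=IMAGES_PER_GRID):
    """Uniform random image index per grid, drawn from a CSPRNG."""
    return [secrets.randbelow(images_per_grid) for _ in range(grids)]


def derive_key(selection, device_secret, salt, iterations=PBKDF2_ITERATIONS):
    """Stretch (selection || device secret) into a 256-bit AES key.

    Assumed mixing scheme: fixed-width index encoding, then concatenation.
    """
    if len(device_secret) != SECRET_BYTES:
        raise ValueError("device secret must be 128 bits")
    material = b"".join(i.to_bytes(2, "big") for i in selection) + device_secret
    return hashlib.pbkdf2_hmac("sha256", material, salt, iterations, dklen=32)


def unknown_bits(device_secret_known):
    """Bits left unknown to someone holding only the encrypted payload,
    or the payload together with the device secret."""
    bits = password_entropy_bits()
    return bits if device_secret_known else bits + 8 * SECRET_BYTES


if __name__ == "__main__":
    print(f"password alone: {password_entropy_bits():.2f} bits")
    print(f"payload only:   {unknown_bits(False):.2f} bits unknown")
    print(f"grids for 50 / 60 bits: {grids_needed(50)} / {grids_needed(60)}")
    key = derive_key(random_selection(), secrets.token_bytes(SECRET_BYTES),
                     salt=secrets.token_bytes(16))
    print("derived key length:", len(key) * 8, "bits")
```

The gap between the two `unknown_bits` results is the whole protection the device secret adds: once the secret leaves the Keychain, only the image password and the PBKDF2 cost remain.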
Hey Brent, what makes Valt easier to use than other products in the space?
@heliostatic There are 3 big ones:
1. The images. Because the grids are fixed, you eventually learn not only your images, but the patterns. I unlock my Valt in ~3 seconds every time. I never forget my master password and I don't have to type on a tiny screen.
2. Our device authorization process is really clean. Users register their Valt through email verification and then authorize new devices by approving them on already-authenticated devices. The authentication process is key because it allows us to securely pass along the Valt Secret, which is like a booster shot for your master password. It's all very fast and very seamless.
3. Our desktop experience is unobtrusive and natural. We use built-in notifications to alert you when we've captured a password. We never employ modal dialogs and we don't hand roll our own UI. Our browser plugins are lightweight and communicate with the desktop app using native communication channels, which also provides another layer of security.
@brentheeringa Very cool. It's a beautiful app!