Valt

Effortless security through visual memory

Valt is a visual approach to passwords. With Valt you get the security of locking your data behind a truly random master password without the hassle of having to memorize one.

Around the web

Reviews

  • BenProduct @ Input
    Pros: 

    Remembering photos is simple, and Valt makes it even easier to memorize your master password

    Cons: 

    No Android app... yet!

    I've been a 1password user for a long time (2008!) and love it for my team password management. But it's gotten crowded with team, family, and personal passwords.

    Valt has been a fantastic addition to my password management system—all my personal passwords are in the valt (ha) now, and it's been rock solid.

    Ben has used this product for one month.
  • Cole TownsendDesigner at Robin.
    Pros: 

    Never forget your master password, much more secure

    Cons: 

    Sometimes a bit tedious

    I've been using the production version of Valt on my Mac and iPhone for about a month now. It's interface is clean and simple to use.

    I'm excited for integrations to migrate existing password bases over!

    The mac application has a simple verification process through the iPhone app which I found really neat. Overall its a great launch, and I'm excited to see the product mature.

    It's not quite as well integrated into my flows as say "Google Passwords" but that's a matter of time and use. For the true security folks out there, this is more secure than a passphrase and easier to remember.

    Cole Townsend has used this product for one month.

Discussion

You need to become a Contributor to join the discussion - Find out how.
Brent HeeringaMaker@brentheeringa · Founder @ Valt, CS Prof @ Williams
Hey PH! My name is Brent and I’m a professor-turned-founder working with a wonderful team on visual solutions to authentication. Our first product is a visual password manager called Valt. Many thanks to @razkarmi for hunting us! Valt generates a random master password for you but represents that password with a set of hand-curated, memorable images. We train you on the images using proven techniques from cognitive science and then embed your images in a sequence of grids. Selecting your images from the grids unlocks your Valt. After a few attempts, you'll find it's super fast! We automatically capture existing passwords in the browser, generate unique passwords for your new accounts and synchronize your information between devices. The encrypted payload uses AES-256 bit encryption and we augment your master password with 128 bits of entropy that only lives on your devices. We’ve been working on Valt for about 6 months and would love your feedback!
Chris Messina@chrismessina · Product designer & entrepreneur
@razkarmi @brentheeringa this reminds me of Vidoop...! If the user picks the images him or herself, doesn't that open them open to some security risk, kind of like using your maiden name as your password reset? Or maybe you can explain what you mean by "hand-curated"?
Brent HeeringaMaker@brentheeringa · Founder @ Valt, CS Prof @ Williams
@razkarmi @chrismessina Valt chooses a random set of images from its hand-curated set. The key is that we use memorable photos and pair them with interesting text and training techniques inspired by cognitive science (see my response to @imrankk below) to essentially burn them into your mind. You get all the security of a random password and all the memorability of human evolution.
Brent HeeringaMaker@brentheeringa · Founder @ Valt, CS Prof @ Williams
@chrismessina I'd love for you to go through the onboarding / training process and give us some feedback!
Chris Messina@chrismessina · Product designer & entrepreneur
@brentheeringa cool, WTAL!
Abadesi@abadesi · 👩🏽‍💻 Product Hunt | Hustle Crew | NTT
Wow what an innovative approach to security, great to see this here @brentheeringa. Is this still hackable?
Brent HeeringaMaker@brentheeringa · Founder @ Valt, CS Prof @ Williams
@abadesi We've worked hard to balance user experience with security while keeping in mind appropriate threat models. The short answer to your question is it's pretty damn secure! Here's the long answer: we use AES-256 bit encryption and PBKDF2 for our key stretching. The default password is chosen uniformly at random from 455**3= ~94M choices. This yields about 27 bits of entropy. That's not a lot on its own, but we augment each password with 128 bits of entropy (this is called the Valt Secret) and store the secret on each authorized device. This means that even if your encrypted payload were compromised, it would take a *significant* amount of time to decrypt using state-of-the-art tech. We store the Valt Secret in the Keychain and we do the same with the key resulting from mixing your password with your Valt Secret. Even if your phone were to be stolen, a hacker would have to (1) unlock the phone - remember how hard it was for the FBI to do this? (2) hack the Keychain, and (3) finally execute a brute force attack on your password space. In the future we'll add more grids so even the most paranoid people can have upwards of 50-60 bits of entropy in the password alone.
BenPro@heliostatic · Product @ Input
Hey Brent, what makes Valt easier to use than other products in the space?
Brent HeeringaMaker@brentheeringa · Founder @ Valt, CS Prof @ Williams
@heliostatic There are 3 big ones: 1. The images. Because the grids are fixed, you eventually learn not only your images, but the patterns. I unlock my Valt in ~3 seconds every time. I never forget my master password and I don't have to type on a tiny screen. 2. Our device authorization process is really clean. Users register their Valt through email verification and then authorize new devices by approving them on already-authenticated devices. The authentication process is key because it allows us to securely pass along the Valt Secret, which is like a booster shot for your master password. It's all very fast and very seamless. 3. Our desktop experience is unobtrusive and natural. We use builtin notifications to alert you when we've captured a password. We never employ modal dialogs and we don't hand roll our own UI. Our browser plugins are lightweight and communicate with the desktop app using native communication channels, which also provides another layer of security.
BenPro@heliostatic · Product @ Input
@brentheeringa Very cool. It's a beautiful app!
Imran Khoja@imrankk · Co-Founder @ ShoeKicker
Hey Brent, awesome product. I'm always forgetting passwords and the idea of storing all my passwords behind one mega-password seems scary. I was super skeptical of the images and whether I'd be able to remember my set but so far it's been great. Is there anything special about the particular images you use that makes this easier? If so, how did you choose the images?
Brent HeeringaMaker@brentheeringa · Founder @ Valt, CS Prof @ Williams
@imrankk We hand-curate the images with great care. Part of it was finding the right photographers---we use a lot of images from Ryan McGuire---and understand that memorable photos are not necessarily beautiful or even interesting photos. We also pair the images with curated text during the training. We do this because of the so-called dual-encoding theory, which says information is stored along both a visual and a linguistic channel. Our images and our training process create a really robust memory. Of course, we also offer a simple and secure recovery code too. :)
Nick Neuman@nneuman · Product at Casa
Hey @brentheeringa, this is honestly one of the coolest products I've seen on PH in a while. I just downloaded and am definitely going to check it out. I enjoyed reading your Medium post on Recognition Memory. Are there any other pieces/studies/papers that I could check out to learn more about that?
Brent HeeringaMaker@brentheeringa · Founder @ Valt, CS Prof @ Williams
@nneuman Many thanks! You made my night. Shoot me an email at heeringa@valt.io and I'll send you a paper with references.