Pastilda is an open-source hardware password manager, designed to manage your credentials in a handy and secure way.
Pastilda works as a middleman between your computer and keyboard. It provides easy and safe auto-login to your OS, bank accounts, mailboxes, corporate network or social media. Pastilda stores encrypted passwords in its memory. You can request a particular password at any time by pressing a special key combination on your keyboard.
Pastilda has two USB ports: one for your keyboard, one to connect to your PC. Your OS will recognize Pastilda as a USB keyboard and a USB flash drive.
The flash drive component stores the encrypted KeePass 2.x database (.kdbx file) and the KeePass 2.x portable app as needed. Your real keyboard is now visible only to Pastilda, your PC won’t see it at all.
In normal working mode, all keystrokes from your keyboard are passed through Pastilda to your PC unchanged.
When you need to sign into an account, you switch to “Pastilda mode”. That’s done by placing your cursor inside the login text box and pressing the “Ctrl + ~” key combination. Pastilda will then ask you to enter the master password for your KeePass database, right in the current text box.
If the password is entered correctly, Pastilda will decrypt and display your database. You can navigate through it with left, right, up, and down arrows or you can just start to input the name of the entry in your database and Pastilda will display matching variants. Once you find the entry you’re looking for, press Enter and Pastilda will automatically enter the corresponding login and password.
If the password is incorrect, Pastilda gives you the option to try again or go back to regular mode by pressing the Esc key on your keyboard.
Who Needs It and Why?
Why use Pastilda if you use KeePass or another password manager app on all your devices? Because KeePass, like all solutions that are stored directly on your PC, has some security issues, as KeePass themselves admit:
“Neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment. Users still are responsible for the security of their PC.”