Chiff allows you to log in to any website using your phone, making logging in safer and simpler. We leverage the biometric authentication mechanisms (fingerprint/facial recognition) on your phone, so you don’t have to remember a single password anymore.
@choiceinternetbrands Hi Cody! The passwords are stored locally in the encrypted storage of your phone and decrypted when you unlock the app. The passwords are derived from a random seed using a deterministic algorithm, so the they can be regenerated when you want to restore from your paper backup. To make this possible, some information per website (URL, username) is stored remotely (but also encrypted with a key derived from the seed, so we can't decrypt it). You can read more about the security in this blog: https://www.chiff.app/articles/2....
Well, I installed the browser extension on my Mac, scanned the code provided on my Android phone (yes it happens), went to a website where I was instructed to click to join the beta, and then was redirected to Google Play store. However, I couldn't install the app but got this error message: "Removing your account from the beta test program. You may want to uninstall the beta test version and install the public version" The beta version is not installed. I'm in a time loop, I guess.
Hello everyone,
Release of Chiff 🚀
We believe it's time to move beyond passwords. That's why we're really excited to release the solution that we've been working on for the past few years: Chiff.
Why Chiff?📱
Ever since the start of the Internet, passwords are the way to authenticate. But in order to be safe online nowadays, passwords need to fulfil all sorts of requirements. They have to be sufficiently long, complex and unique for each application. But how do you manage all those passwords? Not just with another password, we believe. We asked ourselves: why do we still log in with passwords, while we can simply unlock our phone with our finger or face?
What is Chiff? 🔐
Chiff is built around the simple idea to use your phone's authentication method (fingerprint / face recognition) to log in to any website. The solution consists of a browser extension and a mobile app that communicate over an end-to-end encrypted channel. All secrets are stored on your phone. You can log in to any website by authorising a push notification on your phone.
Single UI-flow 👆
Chiff works independent of the underlying authentication method. It supports username/passwords, two-factor-authentication and the new standard WebAuthn (W3C and FIDO). This strong authentication method is still relatively new, but solves all problems that password authentication poses, in a simple UI-flow (more info: https://webauthn.guide/). Since Chiff supports all these methods in a single UI-flow, we like to call Chiff a hybrid authenticator.
Code publicly available ✅
Recently, we have made our code publicly available in order to be transparant about how the solution works and to allow researchers to discover and report potential vulnerabilities easier.
Use Chiff for free 💸
As they say: save the best for last! You can use Chiff for free: https://www.chiff.app/#try. We'd be happy if you give it a try! If you have any questions or remarks, feel free to let us know. And last but not least, if you find any bugs or have feedback on Chiff itself, you can create an issue @ GitHub: https://github.com/chiff-app 😄
Thanks for your time! Say goodbye to passwords, say hello to Chiff 👍
All the best,
The Chiff Team
HighlightFactCheck
HighlightFactCheck
Chiff
Chiff