The Mooltipass Mini Password Safe Goes Wire-Free as Mooltipass Mini BLE Crowdfunding Opens

Stephan Electronics has opened crowdfunding for the Multipass Mini BLE, a Bluetooth-enabled successor to the popular Mooltipass Mini high-security, open source hardware password safe.

The original Mooltipass Mini launched four years ago, itself a follow-up to the bulkier Mooltipass. Both devices worked on the same concept: Storing passwords on a physical device, connected to a host system via USB, protected with both a PIN and a smart card with secure element. Combined with hardware random number generation (HWRNG), some clever client-side software, and a clear OLED panel, the Mooltipass range proved a hit with the security-conscious — helped in no small part by the devices being fully open in both hardware and software.

Fours years on, and Stephan Electronics is back with the Mooltipass Mini BLE. As the name suggests, the new device is a follow-up to the Mooltipass Mini which adds Bluetooth Low Energy (BLE) support — meaning that, thanks to an internal battery, the gadget can be used wirelessly with any Bluetooth-enabled device.

As with its predecessors, the Mooltipass Mini BLE operates in three modes. The first mode links it to the Moolticute client software, which can request credentials and save new credentials to the device; in the second mode, the Mooltipass acts as a physical keyboard — USB or Bluetooth — and "types" any credential selected using the rocker wheel and display; in the final mode, which can be disabled in software, the Mooltipass simply displays selected passwords on its screen for manual entry.

"Many people use software tools to store and organize their passwords. That's a great first step, but consider what happens if a piece of particularly nasty malware compromises your computer," explains company founder Mathieu Stephan of the concept behind the Mooltipass range. "It can steal your password database, and the next time you use your software tool to log in to a website, the malware can steal your master password. This isn't just hypothetical: something similar happened to a well-known password vault. Since we decouple the decryption key from your computer, it becomes much harder for a malicious program to make off with all of your account information."

You can back the Mooltipass Mini BLE now on Kickstarter, with early bird rewards starting at CHF 65 (around $70, excluding shipping). Source code for the firmware, software, and schematics for the hardware are available on the Mooltipass GitHub repository.