Hardware components | ||||||
 |
| × | 1 | |||
| × | 1 | ||||
If you use a Mac Mini or dock your MacBook with the lid closed, Apple offers zero options for biometric authentication.
There is this project that harvests Touch ID from an Apple keyboard: but it was too expensive and too bulky for me. I wanted something cheaper, smaller, and built from scratch. So I made TouchPass.
TouchPass is a USB fingerprint sensor that types your passwords for you. You can store up to 20 passwords, each mapped to a different finger. If you run out of fingers, use your toes. Use your left thumb for your Mac login, right index for your password manager, pinky for sudo. It even hits Enter for you automatically (configurable per credential).
The fingerprint sensor communicates over UART and has an LED ring that glows green when it recognizes a finger and red when it doesn't. I designed the case in TinkerCAD.
The Build JourneyI started with an ESP32 C6 but quickly hit a wall: it only supports BLE HID, not USB HID. BLE has noticeable latency when typing passwords, and sometimes it simply doesn't connect immediately when you need it.
I also initially set up configuration over WiFi, which turned out to be annoying. Opening a hotspot or connecting to an existing network every time you want to add a credential is tedious.
The ESP32 S3 solved both problems: native USB HID for instant password typing, and serial over USB for configuration through a simple web interface using the Web Serial API.
The config page is a static website using Web Serial. It shows enrolled fingers on a visual hand diagram, lets you map each finger to a credential (with optional auto Enter), and displays sensor status. Plain HTML and JavaScript, no frameworks.
Building this made me think: is this thing potentially leaking my passwords? Turns out it's actually reasonably secure. An attacker would need my fingerprint, physical access to the device, AND knowledge of which finger maps to which password. That's three factors combined.
But here's the real eye opener: I would never buy a door lock with this type of fingerprint sensor. The fingerprint sensor just communicates over UART, so if you can emulate the UART protocol and have access to the wires, you can tell it "yes, fingerprint matches" and open any door. For a desktop password manager where the device sits on my desk, that's fine. For physical security, not so much. Learned a lot about security tradeoffs from this project.
What's Next?Secure Storage: Currently passwords are stored in plain text on the ESP32. I'm researching secure element chips to encrypt stored credentials properly.
Miniaturization: I'm dreaming of a keychain version like a YubiKey with fingerprint auth. The challenge is finding small fingerprint sensors. Every smartphone has a tiny one, but try sourcing them as components for maker projects. If anyone has leads on small, affordable fingerprint sensors, please reach out!
Comments