Physical security for your personal data

Apr 15, 2019

Project update 24 of 26

Browser Plugin Support

A new version of the Signet client has just been released and it now features support for browser plugins for Firefox and Chrome, along with a number of bug fixes and a few ease of use features. I have been looking forward to have the time to finally develop browser plugins for Signet since the campaign first launched. Initially I had wanted to develop them right after the campaign but a myriad of other feature requests and issues consumed my time.

How the plugin works

The plugin does not directly communicate with the device. Doing so would require using one of the native plugin API’s that are in the process of being removed from newer browsers. Instead the plugins operate by setting up a local communications channel with the Signet client. When you browse to a new page the plugin sends the URL to the client and the client checks to see if there are any accounts that correspond to that URL. If the plugin detects that a login form is present on a page, then when you click on the plugin’s icon in your browser you can request the data be filled into the webform.

The image below shows what it looks like when a match is found by the plugin. In this case there are two accounts that match the URL and the plugin gives you the choice of which to use.

Browser plugin in action

Browser plugin security and efficiency

With the addition of browser plugin support Signet retains its physical security model while making it significantly easier to use for website logins. Unlike a typical autofilling password manager the Signet client doesn’t expose any privileged access to the password database to the plugin. Many past browser bugs have allowed websites to access to private data or interfaces in the browser. Signet effectively avoids this hazard.

Although you must still take the additional step of pressing the Signet device button, it ends up being much faster than using the USB keyboard method since you don’t have to search for the account or make sure that the right text area has keyboard focus. If the login form detection fails you can still easily fallback on the USB keyboard method.

Installing the plugin

To use the plugin you’ll need client version 0.9.13 or later. You can get the browser plugin for Firefox on or by searching for "Signet" on the extensions screen of Firefox. The plugin is also available as file on the Signet downloads page, but you will not get automatic updates with that installation method. The plugin works under Chrome but for now you need to get it from the Downloads page until Google completes its review of the plugin. You can manually install it with these steps:

  1. Unzip the chrome plugin to a new folder
  2. Go to "chrome://extensions"
  3. Enable developer mode
  4. Click "Load Unpacked Extension"
  5. Select the folder where you unzipped the plugin into

Introducing Signet-HC

I am currently developing a follow-up device to the original Signet that I’m calling Signet High-Capacity (or Signet HC). Signet HC adds 32GB of mass storage and a much faster microcontroller among other things. If you are interested check out the pre-launch page. Sign up for updates to follow the development and campaign progress.

The original Signet will be supported indefinitely and it will be possible to port data over to Signet HC from the original Signet. I’ll make an effort to implement new software features for both devices. However, the smaller flash memory size of Signet will limit the number of features I can port.

Sign up to receive future updates for Signet.

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects