This project is educational. Do not deploy as-is.
- Use a tested library (e.g., bcrypt or argon2-cffi) and a secure password policy.
- Store salt and derived key using a well-defined binary format or use a single serialized field.
- Encrypt the SQLite file at rest (e.g., use SQLCipher) if storing sensitive credentials locally.
- Add password strength checks and rate-limiting.
- Replace simple dialogs with a secure GUI framework that prevents clipboard leakage.
- Add logging (securely) and monitoring for failed attempts and suspicious behavior.
- Ensure backups and secrets (if any) are excluded from the repository.
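One way to follow the storage recommendation above (salt and derived key packed into one self-describing binary record, kept as a single SQLite BLOB), as an added example that is not the project's own code. It keeps the project's PBKDF2 (HMAC-SHA256 from `hashlib`) for illustration; the record layout, the `PBK2` magic, the 600,000 iteration count and the `demo_sqlite` helper are this example's own assumptions.

```python
import hashlib
import hmac
import os
import sqlite3
import struct
# Record layout chosen for this example (an assumption, not the project's own format):
# MAGIC(4) | version(1) | iterations(uint32 BE) | salt_len(1) | salt | dk_len(1) | dk
MAGIC, VERSION = b"PBK2", 1
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor assumed here; tune for your hardware
SALT_LEN, DK_LEN = 16, 32

def hash_password(password, iterations=ITERATIONS, salt=None):
    """Derive a key with PBKDF2-HMAC-SHA256 and pack it with the parameters needed to verify it."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DK_LEN)
    header = MAGIC + struct.pack(">BIB", VERSION, iterations, len(salt))
    return header + salt + struct.pack(">B", len(dk)) + dk

def parse_record(record):
    """Unpack a record, rejecting anything malformed instead of silently misreading it."""
    if len(record) < 10 or record[:4] != MAGIC:
        raise ValueError("not a password record")
    version, iterations, salt_len = struct.unpack(">BIB", record[4:10])
    if version != VERSION:
        raise ValueError("unsupported record version %d" % version)
    pos = 10 + salt_len
    salt = record[10:pos]
    if len(salt) != salt_len or len(record) < pos + 1:
        raise ValueError("truncated record")
    dk_len = record[pos]
    dk = record[pos + 1:pos + 1 + dk_len]
    if len(dk) != dk_len or len(record) != pos + 1 + dk_len:
        raise ValueError("truncated record or trailing bytes")
    return iterations, salt, dk

def verify_password(password, record):
    """Recompute the key with the stored salt and iteration count; compare in constant time."""
    iterations, salt, stored = parse_record(record)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=len(stored))
    return hmac.compare_digest(candidate, stored)

def demo_sqlite(db_path=":memory:"):
    # One BLOB column holds the whole record, so salt and key cannot drift apart.
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS users (username TEXT PRIMARY KEY, record BLOB NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_password("correct horse")))
    (record,) = conn.execute("SELECT record FROM users WHERE username = ?", ("alice",)).fetchone()
    conn.close()
    return verify_password("correct horse", record) and not verify_password("wrong", record)
```

Because the iteration count travels with the record, the work factor can be raised later and old records re-hashed on next successful login without a schema change.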
- Local file theft, malware, or OS compromise exposes users.db.
- Weak password choices allow brute-force attacks, even with PBKDF2.
- No multi-factor authentication (MFA).
- OWASP Authentication Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
- Password Storage Cheat Sheet (NIST/OWASP)