Show HN: PicKey – Managing Passwords with AI, Visually

Hello HN,<p>With about 24% of internet users using passwords like &quot;password123&quot; and &quot;123456&quot;, we wanted to create a visually-based alternative without compromising on security.<p>Humans remember visuals much better than text, and so we&#x27;ve created a password manager that uses a combination of a personal image and a 3D character (superimposed on the image) as the master password that one can see with their own eyes, making it visually recallable with a much lower cognitive load while making it stronger than text-based passwords.<p>We call this visual master password as the Master Key. It is made of 2 parts:<p>Part 1 - a picture of a favorite place, a cherished object, or a face (Vision Secret): PicKey uses general adaptive recognition backed by multiple neural networks that are trained to recognize places, faces, objects, etc., adapting to physical changes (view angle, lighting, seasons, age, etc.). To a user, this means that they could turn their living room into a master password, or their pet, or their favorite spot in the park, or that painting on the wall. The possibilities are endless. The Vision Secret captures high entropy from the personal nature of choices that people make and anonymizes the secret.<p>Part 2 - a 3D character (Keymoji Secret): A virtual, 3D character can then be selected from a growing catalogue. This has lower entropy, but the main focus here is to engage our remembrance. The 3D character is often animated and has music&#x2F;sound and can be viewed in 3D or in Augmented Reality. Continuing with the examples above, a user could have a roaring t-rex in their living room, or a butterfly flapping over their pet, or an alien at that spot in the park, or a hummingbird hovering in front of their paining on the wall.<p>This combination forms the Master Key and is used to login to PicKey. PicKey then works like any password manager, capturing, autofilling &amp; managing passwords &amp; more; across platforms.<p>Safety: - E2E encryption as default, AES-256&#x2F;GCM&#x2F;CBC, multi-hashing, salting, time gaps, ZKP, KDF, 2FA, OAuth2 - Cryptographically secure key, IV and ID generation - MagicPass - storage free passwords that are never stored anywhere; regenerated at runtime from the vision vector and a specialized hash function.<p>Misc:<p>- Master keys are anonymous; even a public social media post can serve as the master password. Anything memorable visually can become a master key, aiming to mimic adaptive human photographic memory and its uniqueness.<p>- the master key login is generally long lived and manages the session based on frequency of use.<p>- we recommend live retaking of the &#x27;Vision Secret&#x27; at login, enhancing security. For ease, users can choose easily accessible or memorable live images, a familiar online image, or their cherished object&#x2F;place, or even their face (not recommended for anonymity); ensuring consistent and secure access.<p>- a picture based password gains resistance to traditional attacks on regular passwords like dictionary attacks, rainbow tables, keylogging etc, though the neural networks have to be hardened for new types on attacks on them.<p>- PicKey neither collects, nor stores any personally identifiable info.<p>References: Picture Superiority Study - <a href="https:&#x2F;&#x2F;pubmed.ncbi.nlm.nih.gov&#x2F;30756412" rel="nofollow">https:&#x2F;&#x2F;pubmed.ncbi.nlm.nih.gov&#x2F;30756412</a> , 24% people with passwords as &quot;123456&quot; - <a href="https:&#x2F;&#x2F;webtribunal.net&#x2F;blog&#x2F;password-stats" rel="nofollow">https:&#x2F;&#x2F;webtribunal.net&#x2F;blog&#x2F;password-stats</a><p>Supported Platforms: - Mobile * iPhones &gt; 7, iOS &gt; 14.0. iOS Autofill, biometrics and keystore integration. * Android &gt; v7.0 Android autofill, biometrics and keystore integration. - Desktop * Currently supported for password management - Chrome, Firefox, Edge and Safari. * To login on the browser, one must be logged into the mobile app first<p>Next Plans: - Large Vision Models - Passkey integration - Incorporating feedback<p>Links: - Website : <a href="https:&#x2F;&#x2F;pickey.ai" rel="nofollow">https:&#x2F;&#x2F;pickey.ai</a> - 3D login explained : <a href="https:&#x2F;&#x2F;blog.pickey.ai&#x2F;login-sign-up-tutorial-for-ios&#x2F;" rel="nofollow">https:&#x2F;&#x2F;blog.pickey.ai&#x2F;login-sign-up-tutorial-for-ios&#x2F;</a> - Short overview : <a href="https:&#x2F;&#x2F;youtu.be&#x2F;KedRFg-Qg_Y" rel="nofollow">https:&#x2F;&#x2F;youtu.be&#x2F;KedRFg-Qg_Y</a>