The Push Notification Technology
- Push technology is supported by both iOS and Android devices. This makes it possible to send small chunks of data from a server to a telephone. When you install the Phrase-Lock app respectively your USB-Key, a unique but completely anonymous ID ( some kind of anonymous address) is generated and stored on our server, if you have agreed. We assume that you have given your consent. You probably have already got in touch with push technology: for example WhatsApp uses this technology to inform you about the arrival of new messages and many other apps do the same.
With Phrase-Lock, each login record now has a unique identifier that does not exist a second time. If you set up Push-To-Login for a specific login data record, you tell us for which data record this should happen. We are only informed about the unique identification and not the content of the login data record! If you call the Push-To-Login link, our server sends the unique ID to your cell phone and it immediately calls the send mask. In the meantime, your browser has also called up the page with the login mask and you only have to tap your phone once to enter the login data.
That sounds a little like non-transparent magic now – but it is not. Above all, your login data will remain protected at all times and will not be exposed to any danger at any time.
The two possibilities
- In the details mask of each login record, there are two buttons at the bottom that you can use to set up push to login for yourself in two different ways. Use the grey button “Push-To-Login Setup” to create a link for your browser that leads you to the desired page after installation and sends a push message to your cell phone. The account’s send screen will open and you only need to tap your phone once to log in.
The method has a disadvantage that we do not want to deny you: You inform us about the link so that we can call up the page for you. The advantage is that this type of push to login works with any browser.
A second and for you much better method is to set up Push-To-Logins with one of our browser plugins. They exist for Google Chrome, Firefox and Safari. The download links can be found on our page under Tools. With this method, no data is disclosed to us, as forwarding is done directly from the plugin and not via our server.
Both methods are described here one after the other. Try them both and play with them. If you have any questions, we will be happy to help you.
Set up Push-To-Login
- Press the grey button „Push-To-Login Setup“ to configure a Push-To-Login-Link for the desired login data record. Please read the note regarding the possibilities and make your choice.
Enter a link
- After the server has replied, you can now enter the link in the address bar of your browser. Please read the note and make your choice. If you choose „Yes“, the link is entered directly into the address bar via your USB-Key.
If you have any problem, repeat the steps as often as necessary. You can’t do anything wrong nor destroy anything.
Save a Link
- If everything worked as planned, you will see a mask as shown here in your browser. Please read this note carefully! To make the link permanently available, please follow these steps:
• Use the mouse to drag the page to your favorites.
• Activate the check box for „Yes, I want to activate the push and login notification now“.
• Click on the „Activate now“ button.
Now the desired page opens and your cell phone receives the push message to bring the send mask of the login record into the foreground. If the Phrase-Lock app is not currently active or in the foreground, the message is handled according to your phone settings.
The browser extensions
- Phrase-Lock is sometimes a little different. In situations where ease of use would make it simpler to use, we have decided to continue to focus on security before anything else. That’s why our plugins don’t look over your shoulder to automatically manage your login data, like other password managers do. Our plugins are also not a point of attack, because the individual entries do not contain any secrets. All information contained are only meta data and completely worthless for attackers, because without your cell phone and without your USB-Key nothing can be done with it.
In the further course, you will be explained in detail what meta data is involved and what it means.
The download links for the plugins can be found here on this page under „Tools“.
Please install one of the plugins available under „Tools“ before you continue! Thank you!
Prepare a plugin entry
- After you have installed the plugin of your choice, please open it and click on the plus sign again, as shown here.
Now the input window is opened and you can use your USB-Key to insert a new entry for the desired login data record.
Enter a plugin entry
- Open the detail view for the desired login data record and press on „Browser Extension Setup“. You will immediately receive a message, which you should confirm with „Yes“. The entry is then prepared and you see another message, as shown here.
Please read the note! Then place the cursor in the previously opened input window of your browser plug-in. Now please press „Continue…“. When the input via your USB-Key is finished, it should look similar to the next picture.
Saving a plugin entry
- If everything has worked so far, you will see the new entry, which looks something like this illustration. That looks a little cryptic, but it’s not. This format is called the JSON format, which is widely used and very often applied.
To explain the individual fields:
id: A counter that is only used here in your browser plugin for sorting.
title: The name of the login record.
subtitle: An existing subtitle, if any.
link: The link that is to be called when you later select the entry in practice.
push: This is the very large number that is connected to your cell phone and USB-Key and ultimately causes you to receive a push message to invoke the appropriate send dialog on your cell phone.
Please click on the plus-sign below the input window to save the entry.
Please note: It is easy to see that with the help of the Phrase-Lock browser plug-ins no login data are exposed and the entries therefore have no relevance for an attacker.
Invoking
- You can try out the new entry by simply clicking on it. The desired page is then called up in a new tab and the push message is sent to your cell phone in parallel. The push message is sent using a small function in JavaScript. We will then be prompted to trigger the push message and send the message to Apple or Google, who will then send the message to you or your phone. Again, neither Apple nor Google will know anything about your login data, but, as mentioned above, will only send meta data that only makes sense on your cell phone.
By the way, you can easily rearrange the entries with the mouse by holding down a line, dragging and dropping them at the desired position.
On the right side of each entry you see a small cogwheel. If you click on it, you can either delete or edit the entry. The selection remains for a few seconds and then resets itself.
Take your time and experiment with the different possibilities around. You will soon realize how secure and comfortable our browser plugins are!