Horcrux Is a Password Manager Designed for Security and Paranoid Users

7 July 2017

Bleeping Computer has an article about our work on a more secure password manager: “Horcrux Is a Password Manager Designed for Security and Paranoid Users”, 4 July 2017.


Two researchers from the University of Virginia have developed a new password manager prototype that works quite differently from existing password manager clients.

The research team describes their password manager — which they named Horcrux — as “a password manager for paranoids,” due to its security and privacy-focused features and a unique design used for handling user passwords, both while in transit and at rest.

There are two main differences between Horcrux and currently available password manager clients.

The first is how Horcrux inserts user credentials inside web pages. Regular password managers do this by filling in the login form with the user’s data.

The second feature that makes Horcrux stand out compared to other password manager clients is how it stores user credentials.

Compared to classic solutions, Horcrux doesn’t trust one single password store but spreads user credentials across multiple servers. This means that if an attacker manages to gain access to one of the servers, he won’t gain access to all of the user’s passwords, limiting the damage of any security incident.

More details about the Horcrux design and implementation are available in the research team’s paper, entitled “Horcrux: A Password Manager for Paranoids”.