Authorizer is a Password Manager for Android. It emulates an HID keyboard over USB and enters your credentials on your target device. Additionally it supports OTP :key::mobile_phone_off:
Transform Android devices into secure, offline password managers with USB/Bluetooth Auto-Type, OTP, and FIDO support.
Use your Android device as a dedicated hardware password manager. It avoids manual typing of lengthy and complicated passwords by offering USB and Bluetooth Auto-Type features. Acting as a keyboard, Authorizer enables users to automatically input passwords on their PC, laptop, tablet, or another smartphone with a simple in-app button press.
By having your Authorizer-device offline using airplane mode, you create a physical separation between your credentials and the devices commonly used for daily activities. Similar to Security Keys but with enhanced functionality and comfort. This concept helps reduce the likelihood of password breaches and unauthorized access, ensuring stored credentials remain secure from online threats and unrelated apps.
Even if you don't fully trust the Authorizer app, you can maintain security as long as your Authorizer-device's underlying OS provides network isolation and data encryption.
* As Authorizer has its foundation in PasswdSafe for Android, it has also adopted these features.
For security and privacy reasons, the recommended device is any maintained Google Pixel with GrapheneOS.
Other devices might work as well. But as a lot of smartphone vendors are not publishing its underyling kernel and Android source, they can't be recommended.
Authorizer can run on every Android device with version 5 or higher (Lollipop: API/SDK level 21).
For Bluetooth features, minimum version 9 is required (Pie: API/SDK level 28). Higher is recommended for stability reasons.
For Auto-Type over USB, low-level root permissions are required to run USB Gadget Tool.
Authorizer does not require root permissions when it is allowed to write to /dev/hidg1 natively (file permissions and selinux needs to be configured for this).
Features | Windows | Linux (⚠️) | macOS (⚠️) | iOS | Android |
---|---|---|---|---|---|
AutoType - USB | ✅ | ✅ | ✅ | ✅ | ✅ |
AutoType - Bluetooth | ✅ | ✅ | ✅ | ✅ | ✅ |
FIDO U2F | ✅ | ✅ | ✅ | ✅ | ✅ |
FIDO WebAuthn | ✅ | ✅ | ✅ | ✅ | ✅ |
⚠️ For macOS and Linux, Chrome or other compatible browser is required. Firefox does not support FIDO / FIDO2 over Bluetooth natively on these platforms.
Authorizer is able to pretend to be an HID Keyboard so it can auto-type the credentials over USB and Bluetooth.
There are Auto-Type buttons at the password entry view. If a button is pressed longer, a different keyboard layout can be choosen. Additional, there is a USB Quick Auto-Type button in the TreeView which auto-types the respective password on a long press.
There are different settings per password entry like delimiter and the password return suffix. In the general App preferences a default keyboard layout can be choosen.
Auto-Type over USB requires support of the USB HID device role. This can be enabled with my USB Gadget Tool.
Auto-Type over Bluetooth is currently an experimental feature and only available on Android Pie (9.0) or higher.
The concept behind Authorizer is to have an offline device. As a consequence, it can't create password file backups over the network. To create backups in a comfortable way, Authorizer will open a backup dialog if it detects a new connected mass-storage (e.g. an USB stick connected over an USB On-The-Go adapter). By pressing "Backup now" in this dialog, a backup folder can be selected. It must contain a GPG public key with the file name "pubkey.asc". The default password file will be encrypted with this GPG key and stored in the selected folder.
This feature can be enabled over the general App preference "Enable GPG backup on USB storage".
Besides standard username & password entries, Authorizer also supports two-factor authentication (2FA) over one-time passwords (OTP). Time-based (TOTP) and HMAC-based (HOTP) one-time passwords are supported.
The OTP secret can be added to a password entry manually or by scanning a QR code. Afterwards, a press on the empty token field ("------") will generate a new OTP. It is also possible, to auto-type the OTP over USB or Bluetooth by adding {OTP} as a placeholder directly in the username or password, e.g. {OTP} in the password "myPa$sword{OTP}" will be replaced with a newly generated OTP.
Like username, password and other data, the OTP secret is stored in the password file.
In addition to the {OTP} placeholder, Authorizer also supports {TAB} and {RET} for the tabulator and return key. Adding these to the username and/or password will result in auto-typing the respective key (tab or return) instead of the placeholder.
Example: if "peter{TAB}{OTP}" is set as the username, "peter" followed by the tabulator key and a newly generated OTP will be auto-typed.
Please see Authorizer Roadmap.
In progress
Contributions are highly welcome.
For contributions, discussions and questions around Authorizer, feel free to
Please note that I am not interested in further localization of Authorizer, except for auto-type keyboard layouts.
Authorizer is based on
Authorizer does not collect any data from your mobile device.
If you believe this policy has been violated in any way, please file an issue.