The ANOTHERpass app can serve as a credential server (from version 2 onwards) to use the credentials through different clients in a local network.

Concept

The basic concept is that the app and its vault keeps the main storage of all credentials. To make it easier to share credentials with other clients in a local network, e.g. the PC at home or the laptop at work, you can use this browser extension to request credentials from the app. For more convinience, the requested and fetched credentials can be stored locally on each client. This happens encrypted, so you still need the app to unlock the local credentials.

missing image

Screenshots

The extension shows ANOTHERpass buttons on top of each credential input field.

missing image

By clicking on that (or by using the context menu), a popup opens to choose a locally stored credential or to fetch one from the app. There are more actions available, for instance to create a new credential in the app and get them fetched afterwards.

missing image

As a result, the selected or fetched credential is automatically pasted into the input fields. missing image

All locally stored credentials and more available actions can be accessed through the extension menu.

missing image

For instance you can open locally stored credentials.

missing image

Every interaction with the app happens through a separate request dialog. Here you see the ongoing request to the configured credential server. When you see this dialog, you should open your ANOTHERpass app on the phone and continue there.

missing image

The local vault is locked and can only be unlocked by the app through an unlock-request by clicking on the lock-icon. The local vault is locked automatically after a period of inactivity.

missing image

To connect the app on the mobile phone with the extension you have to link them once in the beginning. To do so, you have to scan the presented QR code with the app and enter the IP address or its simplified handle in the link dialog.

missing image

There is also a dark-mode like the app supports.

missing image

Is it secure?

All communication between the app and the browser extension is end-to-end-encrypted. This is achieved through the needed app-linking in the beginning.

Before accepting incoming requests in the app, you should always check the fingerprints for similarity, even in a local network that you don’t administer (like at work).

There is a whole chapter about how the security layer is implemented here.

Where can i find the extension?

You can download the extension on Firefox Browser Add-Ons page (AMO) here:

You can download the extension on Chrome Web Store too:

Download and inspect the browser extension code on Github github.com/jenspfahl