PassMeNot is a secure auto-login system that allows sharing login credentials temporarily and securely using one-time access links. It allows users to authenticate to target sites without ever exposing the raw password to the end client, reducing password exposure risks. The project includes an Express-based coordination server and a companion Web Extension.
- Link Generation: A user inputs the destination website URL, username, and password into the PassMeNot interface.
- One-Time Tokenization: The Express server cryptographically processes the input, generates a unique one-time-use token, and returns a secure access URL.
- Password Masking: When the recipient clicks the access URL, they are redirected to a temporary login page.
- Auto-Fill Extension: The companion Chrome/Firefox Web Extension detects the auto-login metadata, injects the credentials, and automatically submits the form, authenticating the user without disclosing the plaintext password.
- Auto-Expiration: Once the one-time link is accessed, it is immediately deleted from the server's cache to prevent replay attacks.
- Server: Node.js, Express.js
- Frontend Template Engine: EJS, CSS
- Real-Time Communications: Socket.io
- Browser Integration: Web Extensions API (Manifest V2 compatible with Chrome & Firefox)
```mermaid
sequenceDiagram
    participant U as User (Sender)
    participant S as PassMeNot Server
    participant R as Recipient (Client)
    participant E as Browser Extension
    participant T as Target Website
    U->>S: Submit credentials (Site, User, Pass)
    S-->>U: Return One-time Link (Tokenized ID)
    U->>R: Share Link
    R->>S: Request Access Link
    S-->>R: Serve auto-login page & Delete Token
    R->>E: Extension detects credential payload
    E->>T: Auto-fill form and submit login
```
```
PassMeNot/
├── passmenot-extension/   # Browser extension source files
│   ├── manifest.json      # Extension manifest
│   ├── background.js      # Background workers
│   ├── content.js         # Content injection script
│   └── popup.html         # Extension action popup UI
├── views/                 # Express template views (EJS)
│   ├── index.ejs          # Main credential generation panel
│   ├── access.ejs         # Link access template
│   └── generated.ejs      # Generated link confirmation view
├── server.js              # Node/Express coordination server entry point
├── package.json           # Server package metadata
└── .gitignore             # Node git exclusion rules
```
- Node.js (v16.x or newer)
- A modern browser (Chrome, Brave, Edge, or Firefox)
```bash
git clone https://github.com/ramanan-2735/PassMeNot.git
cd PassMeNot
npm install
npm start
```

The server will start at http://localhost:3000.
- Open your browser and navigate to the extensions page (e.g. `chrome://extensions` or `about:debugging` in Firefox).
- Enable Developer mode (usually a toggle in the top-right).
- Click Load unpacked and select the `passmenot-extension` directory inside the cloned repository.
- Zero-Storage: Credentials are held purely in memory (`Map`) and are never written to disk or logs.
- Strict One-Time Access: Once a token is read, it is immediately deleted (`passwords.delete(id)`), ensuring the link cannot be reused.
- SHA-256 Hashing: Raw credentials can be cryptographically hashed to verify integrity.
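
The in-memory, read-once behaviour listed above can be sketched as follows. This is an added example, not the project's own `server.js`: the `OneTimeStore` class, its method names, the 128-bit random id and the 10-minute lifetime for unopened links are assumptions; only the `passwords` map and the `passwords.delete(id)` call come from this README.

```javascript
// Added example with hypothetical names; not PassMeNot's actual server code.
const { randomBytes } = require('crypto');

const TTL_MS = 10 * 60 * 1000; // assumed lifetime for links that are never opened

class OneTimeStore {
  constructor(now = () => Date.now()) {
    this.passwords = new Map(); // id -> { entry, expiresAt }; held in memory only
    this.now = now;             // injectable clock so expiry can be tested
  }

  // Store the credentials and return an unguessable id for the access URL.
  create(site, username, password) {
    const id = randomBytes(16).toString('hex'); // 128 bits from the OS CSPRNG
    const entry = { site, username, password };
    this.passwords.set(id, { entry, expiresAt: this.now() + TTL_MS });
    return id;
  }

  // Read and delete in one synchronous step: no await sits between get()
  // and delete(), so two requests for the same link cannot both succeed.
  consume(id) {
    const record = this.passwords.get(id);
    if (!record) return null;                        // unknown or already used
    this.passwords.delete(id);                       // burn the token before replying
    if (record.expiresAt <= this.now()) return null; // too old: burned, not served
    return record.entry;
  }

  // Remove links that were shared but never opened; returns how many were dropped.
  sweep() {
    let removed = 0;
    for (const [id, record] of this.passwords) {
      if (record.expiresAt <= this.now()) {
        this.passwords.delete(id);
        removed += 1;
      }
    }
    return removed;
  }
}

// Constructed sample values: the first read succeeds, the replay gets null.
const demoStore = new OneTimeStore();
const demoId = demoStore.create('https://example.test/login', 'alice', 'constructed-secret');
console.log(demoStore.consume(demoId) !== null, demoStore.consume(demoId));
```

Because the first request for the link consumes the token, anything that fetches the URL before the recipient does (a chat link preview, for instance) uses it up, and the recipient then sees an invalid link.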
Licensed under the MIT License. See LICENSE for details.