Built for security education & real-world protection

Secure Password Vault combines applied cryptography, secure software engineering, and breach intelligence in a Chrome extension suitable for academic assessment and personal use.

Project overview

This project was undertaken as a final-year dissertation module in Cyber Security and Digital Forensics. The goal was to design and implement a password management solution that demonstrates how sensitive credentials can be protected without trusting a third-party cloud provider — while still giving users actionable feedback when a password has appeared in a public breach.

The deliverable includes a fully functional Chrome Manifest V3 extension, technical documentation, security analysis, and this public website hosted at securepasswordvault.site for distribution and project presentation.

Research & technical objectives

Architecture summary

The extension uses a popup-based UI for vault management and a minimal service worker for lifecycle events. Cryptographic routines live in dedicated modules (lib/crypto.js, lib/hibp.js). Encrypted vault blobs and the master-password verification token are persisted in chrome.storage.local only.

No remote database stores user credentials. Network access is limited to the HIBP Pwned Passwords range API when the user adds, edits, or generates a password.

Scope & limitations

We document limitations transparently — an important part of professional security work:

Future work

Planned enhancements discussed in our project report include autofill via content scripts, encrypted backup/export, audit logging for forensic review, and optional Argon2id key derivation via WebAssembly for even stronger master-password hashing.

Project team & supervision

Secure Password Vault was designed, developed, and tested by the student team below, under the academic guidance of our project supervisor.

Development team

All three members contributed equally to software development — including requirements analysis, cryptography implementation, extension engineering, breach-check integration, user-interface design, security testing, and project documentation.

Arham Ikhlaq

Developer

Co-developed the extension core, cryptographic workflows, and vault storage logic. Contributed to threat modelling, UI implementation, and integration of AES-256-GCM encryption with PBKDF2 key derivation.

Asad Abbas

Developer

Co-developed the Chrome extension architecture, Manifest V3 configuration, and popup interface. Led structured testing, documentation, and alignment of features with project security requirements.

Murtajiz Ali Khan

Developer

Co-developed breach-check integration with Have I Been Pwned, secure password generation, and defensive controls (rate limiting, clipboard clearing, secure reset). Contributed to the project website and deployment documentation.

Academic supervisor

Dr. Zain Ul Abadin

Dr. Zain Ul Abadin supervised this final-year project throughout the research and development lifecycle. His guidance shaped the project's direction — from defining security objectives and acceptable cryptographic standards, to reviewing our threat model, implementation choices, and dissertation structure. We are grateful for his expertise in cyber security and his support during design reviews, progress meetings, and final evaluation.
