Twitter has announced that a cloud-based password management company called Mitro has joined the Twitter team, and all of Mitro’s code is now free and open source.
Mitro offers a secure password manager that’s meant to help distributed teams share passwords for accounts and services. The passwords are stored in encrypted form on Mitro’s servers, while the master passphrase for the account is stored on the user’s machine. The technology is designed to address a problem that many geographically distributed teams face, namely how to securely share the credentials for sensitive team accounts. The system functions as a browser extension and also supports two-factor authentication.
Mitro officials said on Thursday that the company is joining Twitter’s location team in New York City, and added that the code for the company’s products is now open source and available on GitHub.
“We’ve been working hard to build a secure, easy-to-use password manager for individuals and groups. We’ve made great progress and we believe that the community can help us accomplish even more. With that in mind, we’re excited to be receiving advice and assistance from the Electronic Frontier Foundation (EFF) in transitioning Mitro to a sustainable, community-run project (see the EFF’s announcement). The service will continue to operate as-is for the foreseeable future,” Vijay Pandurangan of Mitro said in a blog post.
The EFF is helping advise the Mitro team on how to work with the community to improve and strengthen its product through the open source process.
“Mitro has committed to funding continued operations of its servers until at least the end of 2014. If their code proves to be secure and popular with the community, we will be advising them on how to create a sustainable home for that infrastructure,” Peter Eckersley of the EFF said.
“Mitro will succeed if it has an enthusiastic userbase and developer community.”
For several decades now, password management has proven to be one of the more difficult security problems to solve. Any number of companies have tried to develop and market various types of password managers, vaults, lockboxes and other technologies over the years, and precious few have found any kind of major user base. While the security of these systems can be difficult to get right, usability is also a major hurdle, as many non-expert users will default to ease of use rather than security if there’s a conflict.