A secure, local, multi-user desktop credential manager built on Java Swing.
Key Features • Security & Implementation • Application Showcase • Getting Started • Project Structure
- Double-Layer Authentication: Register & log in securely using local profiles.
- Multi-Factor Authentication (MFA): Adds an extra 6-digit MFA code challenge for all user accounts.
- Personal Password Vault:
- Add Credentials: Log site names, usernames, passwords, and custom notes.
- Interactive Search & View: Browse and manage your password entries in a structured list view.
- Secure Admin Access: Access the administrative console with master admin credentials (
admin123/ MFA123456). - User Monitoring: Audit registered users and view counts of their saved password entries.
- Vault Inspection: View raw encoded vault strings directly from the admin dashboard.
- System Log Viewer: Audit system activity logs (
system.log) in real-time.
Rather than storing credentials in plaintext, SecurePass Manager implements custom encoding/decoding using java.util.Base64.
- Password Security: The master password in the user's
profile.datand all saved password entries insidevault.datare encoded when saved, and decoded only when authentication or visualization requires it. - Implementation (
Encoder.java):public class Encoder { public static String encode(String s) { return s == null ? "" : Base64.getEncoder().encodeToString(s.getBytes()); } public static String decode(String s) { if (s == null || s.isEmpty()) return ""; try { return new String(Base64.getDecoder().decode(s)); } catch (Exception e) { return "[DECODE ERROR]"; } } }
To prevent unauthorized entry even if the master password is leaked, a local MFA flow is implemented:
- Code Generation: Upon account registration (
SignupScreen.java), a random 6-digit code is dynamically generated:String mfa = String.format("%06d", (int)(Math.random() * 1000000));
- Storage & Display: The user is shown their unique MFA code once upon sign-up, and it is stored securely on the third line of their local
profile.datfile. - Verification: At login (
LoginScreen.java), the user is prompted to enter their MFA code, which is validated against the stored value:String input = JOptionPane.showInputDialog("Enter your 6-digit MFA code:"); if (input == null || !input.equals(mfaCode)) { JOptionPane.showMessageDialog(panel, "Invalid MFA Code!"); return; }
- Java Development Kit (JDK) 8 or higher installed.
-
Clone the repository:
git clone https://github.com/Zabi-01/SecureUserCredentialManager.git cd SecureUserCredentialManager -
Compile the Java sources:
javac *.java -
Launch the application:
java SecurePassManager
SecureUserCredentialManager/
├── 📁 screenshots/ # UI Showcase assets
│ └── gui_showcase.png # Application screenshot
├── 📁 users/ # [Local Only] Encrypted user profile and vault directories (git-ignored)
├── 📁 logs/ # [Local Only] Application logs directory (git-ignored)
├── 📄 *.java # Application source code
└── 📄 README.md # Project documentation
