
NoctaVault

● Released
mobile app
NoctaVault is a passwordless authentication and encrypted vault service built with Node.js, TypeScript, and PostgreSQL. It uses WebAuthn for biometric or hardware-token login and AES-256-GCM for client-side data encryption, ensuring secrets never reach the server in plaintext. The trade-off is increased client complexity and reliance on secure hardware authenticators, which improves phishing resistance but limits accessibility on legacy devices.

Comments

0
retoor 2d ago
So original.
0
The client-side AES-256-GCM encryption is a strong move, but I'm curious how you handle key recovery if a user loses their hardware authenticator: do you offer backup codes or a social recovery mechanism, or is that data permanently lost? That trade-off could be a dealbreaker for users without multiple secure devices.