Custom PC

REVIEW: Mooltipass Mini BLE

By Gareth Halfacree. Posted

It’s been a long road for the Mooltipass Mini BLE, a Bluetooth-equipped successor to the Mooltipass Mini password safe (reviewed in Issue 168), not helped by a global components shortage that continues to bite the electronics industry.

When previewed in Issue 201, it was hoped the gadget would reach backers of its crowdfunding campaign by January 2021, but it would be nearly six months later when backers finally started receiving their devices.

The delay has been put to good use. At its heart, the Mooltipass Mini BLE is unchanged from when we previewed it a year ago. It’s an open-source pocket-sized gadget that stores all your passwords in a secure element, protected by a physical smart card and four-digit hexadecimal PIN.

Stored passwords can be retrieved using a companion application dubbed Moolticute, extensions for the most popular browsers or directly on the device, where they are typed out as though on a keyboard or, optionally, displayed on the screen.

The device is a little bulky, but feels solid in the hand

The Mooltipass Mini BLE improves on its predecessor with an integrated battery and Bluetooth Low Energy connection. Since our preview, the latter has been vastly improved – it’s now wholly functional, both for use as a Bluetooth keyboard on smartphones and tablets, and for connection to Moolticute on desktops and laptops, bar a few edge cases and compatibility with unusual devices.

The promised FIDO2 feature, which allows the Mooltipass Mini BLE to act as second-factor or password-free authentication for websites and apps supporting the WebAuthn standard, has also been completed in time for launch. Integrated into the Moolticute app, it works more or less seamlessly.

Each Mooltipass Mini BLE comes with two custom-designed smart cards – one to use and one as a backup

However, it only supports WebAuthn and not the older FIDO U2F standard, meaning it’s not compatible with Firefox on Linux. If you’re not a Linux or Firefox user, though, it’s a fantastic string to the Mooltipass bow, and saves needing to buy and carry a second security token with you.

Mobile compatibility is now completely solved too, with one issue of note – there’s still no mobile version of Moolticute, so while you can manually retrieve credentials and have the Mooltipass Mini BLE type them over Bluetooth, there’s no way to add or update credentials without moving to a desktop or laptop running Windows, macOS or Linux.

There have been additional improvements too. It’s now possible to add time-based one-time password (TOTP) credentials, which typically require a physical dongle or companion app such as Google Authenticator or Authy. The storage for arbitrary files has also been improved, and you can now store notes on the device.

Each package includes the unit itself, two smart cards, a silicone cover and a USB cable

The latter is a particularly smooth feature. Previously, files could only be stored or retrieved, so if you had a file you needed to update, you had to retrieve it, edit it, delete the copy on the Mooltipass and then store it again before deleting the local copy. Now, you can just click ‘edit’ and change a file’s contents directly in Moolticute.

The hardware is less changed. The casing is now more secure, with the original beta units having been built for fit-testing rather than security, and it’s difficult to separate the parts without leaving obvious signs of tampering. Bugs in battery charging and display brightness have been fixed, and the bundle now includes a neat silicon case to prevent the body from being scratched in your pocket. Sadly, though, the single-colour OLED display is still left unprotected.

Meanwhile, the jog button at the side, which serves to scroll through menus and select or confirm items, is also improved. Those who had an original Mooltipass Mini may have encountered it skipping over items, but that shouldn’t be an issue with the new model, although this problem is relatively easy to resolve on the original unit with the application of a little contact cleaner.

With a number of online password safe services having introduced new ongoing charges, or admitting to security breaches, the Mooltipass Mini BLE is more tempting than ever. However, it still comes with the same caveat as the original, which is cost. At £91 (ex VAT), the Mooltipass Mini BLE will set you back more than the cost of several years’ subscription to a cloud-based password management service and, effectively, doesn’t do much that you can’t do in software with a couple of open-source applications.

The improved security, though, makes it a great buy. Plus, when you consider that you don’t need a separate FIDO2 dongle, it could even be considered a bargain. Longevity could be an issue, true, thanks to the non-replaceable NiMH battery, but in over a year’s use our beta unit hasn’t skipped a beat.

The Mooltipass Mini BLE is available to pre-order at mymooltipass.com for £92.73 (ex VAT) plus £29.67 for postage, with more stock expected in early October. The package includes a USB cable, silicon case and two programmable smart cards.


https://freelance.halfacree.co.uk/

From Custom PC store

Subscribe