A powerful Java-side password system for your Kodular apps!
What is it?
Password Manager is a professional-grade Kodular extension that helps you securely manage passwords inside your app - no extra component required!
Keep your users' credentials safe with industry-standard one-way hashing.
No AES, no reversible encryption - just strong, secure, and irreversible protection.
Features at a Glance
| Feature | Description |
| --- | --- |
| SetPassword() | Save a new password securely using SHA-256 hash and unique salt |
| VerifyPassword() | Check if user input matches stored password |
| ChangePassword() | Safely change password using old one |
| ClearPassword() | Wipe stored hash and salt |
| SetPasswordHint() | Save a helpful password hint |
| GetPasswordHint() | Retrieve the saved hint |
| IsPasswordStrong() | Prevent weak passwords (digit + uppercase + special char) |
| IsPasswordSet() | Check if any password is stored |
Blocks Overview
You don't need TinyDB - everything is handled inside the extension!
Set Password
PasswordManager.SetPassword("MySecure@123")
Verify Password
PasswordManager.VerifyPassword("MySecure@123")
Change Password
PasswordManager.ChangePassword("old", "new")
Set Hint
PasswordManager.SetPasswordHint("Try your pet's name")
Events
| Event | Triggered When… |
| --- | --- |
| PasswordChanged | Password changed successfully |
| OldPasswordIncorrect | Wrong password during change/verify |
| PasswordVerified | User input password matched current password |
| PasswordCleared | Password data was wiped |
| PasswordTooWeak | New password doesn't meet strength requirements |
Storage
Uses SharedPreferences
Generates a random 128-bit salt per password
Only the hash and salt are stored - no plain text, no encrypted values
Works across sessions, phones, and restarts - fully persistent
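The set/verify flow from the Storage list above, as an added Java example that is not the extension's own code. It swaps in PBKDF2-HMAC-SHA256 for the single salted SHA-256 pass the post describes, because an iterated KDF slows offline guessing if the stored values leak. Assumptions: Java 8+ (Android API 26+), a hypothetical class name and iteration count, and two in-memory fields standing in for SharedPreferences.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration; class and method names are hypothetical, not the extension's API.
public class SaltedPasswordStore {
    private static final int SALT_BYTES = 16;      // 128-bit salt, as in the post
    private static final int ITERATIONS = 600_000; // assumed work factor; tune per device
    private static final int HASH_BITS = 256;

    // Stand-ins for the two values the post says are kept in SharedPreferences.
    private String storedSalt;
    private String storedHash;

    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // drop the in-memory copy of the password
        }
    }

    public void setPassword(String password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // fresh salt on every set or change
        storedSalt = Base64.getEncoder().encodeToString(salt);
        storedHash = Base64.getEncoder().encodeToString(derive(password.toCharArray(), salt));
    }

    public boolean verifyPassword(String candidate) throws Exception {
        if (storedSalt == null || storedHash == null) return false; // nothing stored
        byte[] salt = Base64.getDecoder().decode(storedSalt);
        byte[] expected = Base64.getDecoder().decode(storedHash);
        byte[] actual = derive(candidate.toCharArray(), salt);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        SaltedPasswordStore store = new SaltedPasswordStore();
        store.setPassword("MySecure@123"); // sample value taken from the post
        System.out.println("correct password:  " + store.verifyPassword("MySecure@123"));
        System.out.println("wrong password:    " + store.verifyPassword("mysecure@123"));
        String firstHash = store.storedHash;
        store.setPassword("MySecure@123"); // same password, new salt
        System.out.println("same hash on reset: " + firstHash.equals(store.storedHash));
    }
}
```

Setting the same password twice yields different stored hashes because the salt is regenerated, which is what defeats precomputed lookup tables.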
Usually storing password hashes instead of encrypted passwords (or even worse, plaintext passwords) is a fundamental security practice. The core reason lies in the irreversibility of hashing, which provides a crucial layer of protection in case of a data breach.
Here's a breakdown of why hashing is preferred:
Hashing is a One-Way Process (Irreversible)
What it is: A hash function takes an input (your password) and transforms it into a fixed-length string of characters (the hash value). This process is designed to be one-way. You can easily generate a hash from a password, but it's computationally extremely difficult, practically impossible, to reverse the process and get the original password back from the hash.
Security benefit: If a database storing hashed passwords is breached, the attackers only get the hashes, not the actual passwords. Since they can't reverse the hash, they don't immediately know your password. This significantly reduces the risk of your password being compromised and used on other services (especially if you reuse passwords).
Encryption is a Two-Way Process (Reversible)
What it is: Encryption takes plaintext data and transforms it into ciphertext using an algorithm and a key. The key allows the ciphertext to be decrypted back into the original plaintext.
Security drawback for passwords: If an attacker gains access to encrypted passwords AND the decryption key, they can easily decrypt all the passwords and gain full access. Storing the key securely alongside the encrypted passwords is a major challenge, and if the system is compromised, both could be exposed.
The goal of password storage is not to be able to retrieve the original password, but only to verify that the user knows it. Hashing achieves this by providing a one-way, irreversible transformation that protects user credentials even if the database storing the hashes is compromised. Encryption, while vital for data in transit, is not suitable for storing passwords because of its inherent reversibility.
Thank you for the valuable feedback! You're absolutely right - for best practice in credential storage, hashing is the ideal approach due to its irreversibility and security.
My extension uses AES encryption mainly because it supports use cases where the password needs to be retrieved (such as offline app locks or private notes). However, I'm planning to release a **hash-based version** soon for users who want irreversible and safer storage.
Appreciate your input - stay tuned for the secure-hash edition!
In the secure hash-based version, the GetCurrentPassword() method has been removed - because hashed passwords are irreversible and cannot be retrieved.
In the older AES version, it returned the decrypted password
In this updated version, no such method exists - for security reasons