Recently I was trying to create an emergency sheet document for personal use. Initially, I created a document based on various resources found online. Then an idea suddenly came to my mind to create a fully customizable tool and I’d love to share it with you all in case anyone needs it.
Password Manager Emergency Sheet Generator (pmesgen) provides a simple way to manage and store important credentials related to your password manager. It’s designed to serve as an emergency sheet containing key information to access your password manager in case of an emergency, such as forgetting your credentials or losing access. Fully customizable and open source!
Features:
No installation required.
Simple and user-friendly interface.
Ready to use sheet template.
Automatically updates the date generated.
Editable labels: Edit the text labels by simply clicking on them.
Add new fields: Add new custom fields to record additional information.
Remove fields: Remove unwanted fields with the press of a button.
Save as template: Save your sheet as an HTML template file on your local machine for future use.
Print: Option to print the sheet for offline use.
How to use it:
Open the website Password Manager Emergency Sheet in your browser. Alternatively clone the repository: git clone https://github.com/penglezos/pmesgen.git
Customize the existing text labels by clicking on them.
Click on “Add new field” button to include custom entries if needed.
Click on “X” button to remove any fields you don’t need.
Click on “Save sheet as template” if you want to download an HTML copy of your sheet for future use.
Click “Print sheet” to print your sheet.
Fill in the fields with your information.
Store printed copy securely in a locked safe or other secure location.
@penglezos Welcome to the forum, and thank you for sharing your work.
I have not reviewed your source code for potential security vulnerabilities, but I have the following initial feedback:
Most of the default fields appear to be self-explanatory, except for “USB encryption key”. What is this for? You may want to consider whether the relevant use-case is sufficiently common to warrant including this as a default field.
Why is the Phone Number required in an emergency recovery scenario?
To accommodate users who back up their vault data using a method different than creating a vault export, I would suggest renaming “Vault export password” to “Backup file password”.
Using the Bitwarden Two-Step Login Recovery Code is a “nuclear” option for when access to the 2FA factor(s) is no longer possible; however, you might consider adding some default fields to also accommodate less serious 2FA recovery scenarios (e.g., login credentials for an authenticator app, or user verification PIN for a hardware key, etc.).
Feel free to do so, I’m trying to eliminate the use of javascript in the code, so far it is used only for: field addition and removal, saving the template as an HTML file, and updating the documents “updated on” date.
USB Encryption Key: This field is intended for users who store vault export, recovery keys, or any other sensitive data on an encrypted USB device as part of their security setup. However, I acknowledge that this may not be a common use case for all users. I’ll evaluate whether it should remain a default field.
Phone Number: Not sure if this is needed other than authenticator app services which rely on phone number existence. This should be evaluated too.
Renaming “Vault export password” to “Backup file password”: I assume by saying “using a method different than creating a vault export” you are referring to zipping the file and encrypting it with a password? I think it should stay as it is and maybe add another field or simply let the user customize the field.
Additional 2FA Recovery Fields: It’s in my plans to add fields regarding the use of an authenticator app, pin for hardware keys, etc.
The whole idea of the tool is to let the user customize the fields according to the “security scenario” he/she uses easily.