Project Vision - BackEndByAlex/Timelock GitHub Wiki
| Name | Alexandru Antonescu |
|---|---|
| Username | aa227wr |
| Study Form | Campus |
| Project Name | TimeLock |
| Technologies | EJS, Nginx, Node.js, Express, Docker, MongoDB, HTML/CSS |
Many users are uncertain about password management and run into the limitations of traditional password managers, which often lack clear history management and secure methods for accessing saved passwords. Users need a solution where they can safely log in with a unique code, store their passwords securely, and view a history of changes without revealing previous passwords. The application should also be accessible on both mobile and desktop devices, which strengthens security and increases transparency.
The application targets three main user groups:
- Private individuals who want to protect their digital accounts and avoid worrying about password breaches.
- Companies and employees with high requirements for internal data security and a need for reliable password management.
- Developers and technically knowledgeable users who manage many passwords and demand transparency, history tracking, and high security levels.
There are currently several well-established password managers on the market, such as LastPass, 1Password, and Dashlane. These systems offer:
- Good user-friendliness
- Encrypted storage
- Integration with browsers and apps
But they also have limitations:
- Lack a clear and detailed history of password changes
- Do not always offer transparency about what is stored and who has access
- In some cases, developers or the service itself have potential access to sensitive data
Many users today are forced to document password changes manually, which can lead to mistakes, lack of traceability, and increased security risks.
TimeLock positions itself as a complement – and improvement – by putting the user in full control.
TimeLock is designed to meet modern security needs in a way that other password managers do not. The application focuses on integrity, user control, and transparency. Here are the core functions:
- Secure password storage
  - All data is stored with end-to-end encryption, which means only the user has access to the content.
  - Passwords are encrypted both during transmission and storage, with strong keys and modern algorithms.
- History without revealing previous passwords
  - Every change to a password is registered with a timestamp, so the user can follow changes over time.
  - Previous passwords are never shown, only information that a password has been changed, when, and for which service.
- Two-factor authentication
  - The user logs in with both a primary password and a one-time code sent via email.
  - This protects user accounts even when passwords are leaked or guessed.
- No access for developers
  - The system is built so that not even the developer or operations manager can decrypt or see the user's stored passwords.
  - This architecture ensures that the user has complete control over their data.
- Platform-independent availability (PWA)
  - The application is developed as a Progressive Web App, making it fully functional both in browsers and as an installed app on mobile or desktop.
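
A sketch of how the "history without revealing previous passwords" and "no access for developers" functions can fit together, as an added example that is not TimeLock's own code. It assumes scrypt key derivation from the primary password and AES-256-GCM (the page itself names only end-to-end encryption and RSA), and the `Vault` class and its in-memory storage are hypothetical stand-ins for the MongoDB collections.

```javascript
// Added example, not TimeLock's code. Assumed: scrypt + AES-256-GCM,
// in-memory storage in place of MongoDB, all names hypothetical.
const crypto = require('node:crypto');

// Derive a 256-bit key from the primary password. This runs on the user's
// side only, so the storage layer never holds anything that can decrypt.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// The service name is bound as AAD so a ciphertext cannot be moved to another entry.
function encrypt(key, plaintext, service) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(service));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function decrypt(key, { iv, ct, tag }, service) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(service));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

class Vault {
  constructor() {
    this.salt = crypto.randomBytes(16); // stored next to the data, not secret
    this.entries = new Map();           // service -> current ciphertext only
    this.history = [];                  // metadata only: what changed and when
  }

  // Overwrites the previous ciphertext and logs the change without any secret.
  setPassword(key, service, password, now = new Date()) {
    const action = this.entries.has(service) ? 'changed' : 'created';
    this.entries.set(service, encrypt(key, password, service));
    this.history.push({ service, action, changedAt: now.toISOString() });
  }

  getPassword(key, service) {
    return decrypt(key, this.entries.get(service), service);
  }
}
```

Because the history rows carry only service, action and timestamp, a dump of the stored data shows that a password changed and when, but no current or previous value.
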
The technologies I have selected for the project are:
- Frontend: Express with EJS for layout and interface
- Backend: Node.js with Express for handling API, authentication, password management, and history
- Database management: Two MongoDB databases separated via Docker containers for security and modularity
- Server and security: Nginx as reverse proxy with HTTPS, JWT for secure authentication, RSA encryption, and rate-limiting
- Mobile adaptation: Development according to PWA standards with HTML/CSS for responsive design