Your privacy is paramount. Each Master Password you use creates a separate, secure vault. All data for that vault (including the Secret Password and Authenticator keys) is encrypted as a single package before being saved in your browser. This data can only be decrypted with your exact Master Password. No information is ever sent to any server.
Core Features & Architecture
Encryption at Rest
All saved data is encrypted locally in your browser using strong AES encryption. Your Master Password acts as the encryption key. Without the exact Master Password, the data is entirely unreadable.
The Visual Hash (Identicon)
As you type your Master Password, a unique geometric image appears. This helps you visually confirm you've typed your password correctly without having to click a "show password" button.
Stateless Password Generation
The Generator doesn't actually save your generated passwords. Instead, it mathematically computes them on the fly by hashing your Master Password and the Domain Name. If you lose your device, you can still generate the exact same passwords elsewhere.
Zero-Knowledge Architecture
This application runs entirely in your browser. No passwords, credentials, or generated codes are ever sent to a server. You are completely in control of your data backups and exports.
No Accounts or Usernames
To maximize privacy and minimize data collection, no accounts or usernames are used anywhere within the application. Your vault is tied exclusively to the Master Password you provide, keeping your identity completely detached from your stored data.
How It Works
This tool combines a web-based re-implementation of the SuperGenPass (SGP) password generation philosophy with a standard TOTP authenticator, all within a secure, multi-user vault.