Table of Contents
- Why Use This Password Manager?
- Getting Started
- Using It Offline & On Mobile Devices
- Potential Risks & Considerations
- Final Thoughts
- Source Code
Introduction
In today's digital world, managing passwords securely is crucial. Many password managers store your passwords online, posing potential security risks. However, this open-source Password Manager offers a unique approach: it deterministically generates different passwords for different sites and users, ensuring security without storing any passwords online. This means you can use it entirely offline and even on mobile devices without an internet connection.
Why Use This Password Manager?
- No Central Storage: No passwords are stored on any server, reducing the risk of data breaches.
- Deterministic Password Generation: Each password is generated based on user input, meaning you get consistent passwords for the same credentials.
- Offline Usage: Works completely without an internet connection.
- BIP39 Backup & Recovery: Backing up the master key with a set of words, like on Bitcoin, ensures you never lose access to your credentials.
- Nonce System for Changes: Allows password updates while maintaining security and determinism on passwords creation.
- Encryption for Local Storage: Optionally encrypts locallly the nonces state and the private key, for convenience.
Getting Started
Access the Web Version
Open the Password Manager here: Password Manager Web.
Set Up Your Mnemonic Key
The manager uses a BIP39 mnemonic key for secure backup and recovery. When you first start, you will need to generate and back up a seed phrase that acts as your master key.
Generate a Password
- Enter your Username or Email.
- Enter the Website URL.
- Let the Nonce on 0 if is the first password for that credentials, and modify it if you need other password.
- Press the Show Password button to generate the password for that credentials.
Encrypt Local Data (Optional)
You can choose to encrypt and save locally the private key and the nonces/sites data to speed up future access.
Backup Your Seed Phrase
Write down and securely store your seed phrase for account recovery.
Decrypt Stored Data
If you encrypted your data, you can decrypt it to retrieve your information.
Using It Offline & On Mobile Devices
Offline Usage
This password manager does not require an internet connection. You can save the web page for offline use simply by clicking on save here on desktop, or run it locally by downloading the source code from the GitHub repository and executing it directly from the phone files manager.
Potential Risks & Considerations
While this method is highly secure, users should keep these factors in mind:
- Mnemonic Key Security: Losing your seed phrase means you lose access to your passwords, create redundant back ups of the keys.
- Local Storage Encryption: If you encrypt your local data, ensure you remember your decryption password.
- No Recovery Without Backup: Unlike cloud-based password managers, if you lose your mnemonic key and haven’t backed it up, you cannot recover your credentials.
- Phishing Risks: Since passwords are generated deterministically, always verify you’re entering the correct site URL to avoid phishing attacks.
- Other Users of the Same PC: Other users could brute force the encrypted back up, make sure you use it in trusted devices and in the case of losing one device make sure you change all the passwords with a new master keys.
- Browsers Vulnerabilities: Being browsers the most critical part of devices the risk of a vulnerability, trojan attack, etc exists.
Final Thoughts
This password manager provides a secure, offline, and deterministic approach to managing credentials. By utilizing BIP39 for backup and recovery and eliminating central storage, it ensures maximum security while maintaining user control. Whether you're looking for a simple and secure way to manage passwords or a fully offline solution, this tool is an excellent choice.
Try it out today: Password Manager Web
Source Code
Explore the full source code on GitHub: GitHub Repository
