Master Password is a wholly different way of doing passwords.

The Master Password way

Stop writing down your passwords.

Stop storing your passwords in a "secure" place, such as a vault, a keychain, an app or "the cloud".

In fact, just stop thinking about passwords at all.

Master Password users have no more passwords. They have a password. Their password is their single master key for unlocking all doors.

One, two, enter.

As a Master Password user, there are about three steps to entering any site:

  1. Enter your master password to unlock your Master Password app.
  2. Find the name of the site you want to get into, copy its key.
  3. Paste the site's key into the site and log in.

Most browsers will then ask you to "save" the site's password. For most people, this is a good idea and will subsequently allow you to log in without having to use Master Password at all.

How do I get started?

Depending on how many sites you currently hold active accounts on, this is likely going to be your biggest curve.

Master Password generates passwords for you to use. That means, you cannot use your old passwords with it (in truth, you could, but that would defeat the purpose - you shouldn't).

For every site where you currently hold an account:
Sorry, you'll have to log into the site once with your old password and update the password to the new and much stronger password Master Password has generated for you.

For every site you sign up with from now on:
Simple: stop trying to come up with a good new password for your next account. Just copy/paste Master Password's generated password for this site into the password and confirm password fields.

I want pictures.

All right. Here's Robert on his iPhone:

He wants to sign up for Twitter. Robert filled in all the fields, except for password. Not wanting to worry about what his twitter secret is going to be, he switches to Master Password.

Of course, he begins by unlocking his user with his master password. Robert can skip this step by going into Master Password's preferences and setting it to either save his master key or remember his login, but he choses not to.

He creates a password for Twitter by using its bare domain name: He knows not to use or Twitter or anything non-standard, because that would be very difficult to remember correctly on a later date. If he has multiple twitter accounts, he could prefix the name with a user name and an @:,


If the account Robert's signing up for is with a website that prohibits symbols for some daft reason, Robert can change the type to Basic or something similar instead. Robert can also bump up the complexity to get an even more secure password if he wants.

When Robert created the site in Master Password, it copied the password to his pasteboard. Now, Robert just switches back to Safari and pastes his brand-new password he doesn't care to remember in twitter's password field. All done!

Why, that sounds more complicated.

More complicated than what, exactly? Using robert17 for all your sites? Well, yes. That's also rather the point.

The point is to eliminate the many sources of insecurities related to password authentication, and yet keeping the process surprizingly trivial. What you get in exchange for these two extra first-time only steps is very robust, unique passwords which are not hackable even from a site's leaked password hashes, in addition to the freedom to forget all about passwords. Entirely.

  • You get to stop worrying about what password you used for your bank or the government tax portal, because they both use ridiculous and different password policies.
  • You get to stop writing down passwords and keeping those notes safe from others as well as safe from loss.
  • You get to stop messing with password vaults that promise to encrypt your stuff, but can't help you when you're at a friend's house, or after your apartment fire.
  • You can stop sharing the keys to your digital life with online password websites that promise all the military grade encryption while being gagged and tapped by a government agency.

I use this other password manager, and it's awesome.

I shall not endeavour to quarrel with the point on the awesome scale of your other password manager. That said, Master Password was designed from the ground up specifically because of the many flaws that existed in all the popular password managers at the time. And the times haven't changed for the better since.

I'm going to provide an excessively brief description of the primary flaws other password managers suffer, which Master Password is free from. Please contact me if you have something to add, ask or correct.

While each of these services have many great pros, I will only mention those that Master Password lacks.

  • Password Vaults: 1Password, Mac OS X Keychain, KeePass, ...

    Pros: Some allow you the ability to change your master password or reset it if you forgot it.

    Cons: Your vault needs to be backed up, and you can only access your passwords if you can access the vault. Syncing the vault to all your devices is troublesome and generally relies on uploading your secrets to a company's servers. Total data loss is catastrophic.

  • Online Vaults: LastPass, Secret Server, Mitto, ...

    Pros: Some allow you the ability to change your master password or reset it if you forgot it. Some support "two-factor" authentication.

    Cons: Access to your secrets depends on an active data connection. You've given the keys to your global digital identity to some company you probably shouldn't trust as much as you wish you could. Their website stating that they "can't access your data" doesn't change this, nor does it make any assurances about tomorrow.

  • Password Generators: SuperGenPass, PasswordMaker, PassHash, ...

    Pros: They got the same idea as us! Yay!

    Cons: Sadly, nearly all of these, while claiming the same benefits as Master Password, suffer from critical flaws which either defeat their benefits (reverting them to mere password vaults) or use critically weak crypto, with the result of actually making it trivial to reverse your master password - and by extension, access to all your accounts.

What are Master Password's cons? Or is it flawless?

Master Password also has cons. Let's be frank and list the cons that the other solutions generally don't suffer:

Cons: Changing your master password requires you to update all your site passwords. A compromised or forgotten master password requires you to do the same.

There are some other cons, which I consider "fake cons", with a justification of why I label them as such:

  • My boss gave me this password to use...

    Master Password's generated passwords only work if you use the password generated for you. You cannot use a password somebody else gave you. Only - you can: Master Password implements a hybrid solution, allowing you to save custom passwords in the app. They are AES encrypted with your master key, but like all vault-based password managers, are not immune to loss if you ever lose your phone and backups..

  • I can't reset if I forgot my master password!

    Uh, no. If you forgot your master password, you're probably an alien replica of yourself. So no, you can't reset. If you're not a replica, just make a new user with a new master password and reset all your site passwords. Remember your master password this time.

  • I noticed everybody's doing this two-factor thing now.

    Two factor authentication is defined as authenticating yourself with two methods that are so distinct that a single attack cannot compromise both. Many sites claim to use two-factor authentication but actually rely only on an extra password hidden in an app on your phone or computer. If an attacker can steal your master password, he can probably download the hidden password too. Or read in your two-factor response while you're typing it in. On top of that, you're using a password manager: after your "two-factor" authentication, you get a single password to perform another one-factor authentication with a site. As a hacker, I'd go for the weakest link to break your chain.

You speak of trust, how can I trust you?

A very valid question, and arguably the most important one to ask!

Trust is a very difficult thing to guarantee. Powerful entities will solicit your trust by appearing with it and coming well recommended. Trust can also be assured by legalese or contracts. If you have the means and energy to hold an entity responsible for their claims and actions, this might be sufficient for you.

Most of us mere mortals cannot afford this level of trust enforcement, however. We're mostly left in the position of trusting claims blindly, in the hopes that companies will not violate those claims for fear of taking a seizable public-relations hit.

I propose that none of these forms of trust are sufficient adequate.

In fact, Master Password is what it is because it aims to avoid any requirement of trust in the solution's author. Master Password requires no services or proprietary storage format. I've published Master Password's algorithm for you to inspect and licensed to you the full source code to the implementations for you to use.

What that gives you, is the ability to either inspect and learn how Master Password works or to take this information to a professional (be it an academic, mathematician or payed developer) and have him do this for you.

While at first glimpse, this may not seem terribly useful to you - particularly when you don't have the skill set to perform this verification yourself - but it's actually a pretty big deal to show your naked self as proof of having nothing to hide. If you want to go all the way, you could even build the application from scratch rather than rely on the binaries provided by our distributions.

This is the closest we can get to voiding any need for trust in Master Password, and it's more than you're likely to find in most other popular password solutions.