
MasterPassX: A better stateless password generator – Charles Crete – Medium

 6 years ago
source link: https://medium.com/@cretezy/masterpassx-a-better-stateless-password-generator-a06b93b9aa8c

MasterPassX: A better stateless password generator

Passwords are hard.

With leaks of tens or hundreds of millions of users’ data (or even billions), including passwords (or hashes), users are reminded to never reuse passwords across different services, but very few do. Even with system administrators and developers who follow all best practices for safe password storage, a slight drip through the cracks can leave millions of users’ passwords and data unsafe.

Password managers are also (somewhat) hard. They have a steep learning curve for average or even technical users, and have many cons, such as:

  • Users must set up and maintain their favorite password manager across all devices they regularly use.
  • Users must set up syncing, which can be complicated, and which relies on a third party that can be hacked or that costs money.
  • Users are not forced to use secure passwords, and password managers often encourage password reuse, even with the option to generate safe and secure passwords built in.

Imagine only having to remember a single master password, and having a secure (unique) password for each service, with near-zero setup. MasterPassX aims to do that.

Demo of MasterPassX.

MasterPassword (not X) aimed to fix this with an ingenious algorithm, which relies on stateless generation. To summarize, this algorithm generates a unique cryptographic key based on your name and a single master password (which the user must remember, and which is encouraged to be secure and long). It then generates passwords based on this key and the URL of the service you are trying to access (and some optional parameters).

This ensures that all password generation is:

  • Client-side. There is no back-end, so there is no risk of passwords or other data ever being intercepted, making generation trustless.
  • Deterministic. Using the same name, master, and URL, the generated password will always be the same across all devices, making it stateless.
  • Secure. Passwords are long in length and entropy, with different templates such as “long” (default), PIN (4 digits), and so on.
  • Free (as in beer) and never stored (also as in freedom!).
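
The two-step derivation summarized above, as an added Python sketch that is not MasterPassX's or MasterPassword's own code and is not compatible with either. The scope label, templates, character classes and scrypt/HMAC parameters are constructed assumptions chosen only to show the structure (name + master password → key, key + site → password).

```python
import hashlib
import hmac
import struct

SCOPE = b"example.stateless.pw"  # constructed domain-separation label (assumption)

# Constructed templates: each letter selects one character class below.
TEMPLATES = {
    "long": ["CvcvnoCvcvCvcv", "CvcvCvcvnoCvcv", "CvcvCvcvCvcvno"],
    "pin": ["nnnn"],
}
CLASSES = {
    "C": "BCDFGHJKLMNPQRSTVWXYZ",
    "c": "bcdfghjklmnpqrstvwxyz",
    "v": "aeiou",
    "n": "0123456789",
    "o": "@&%?,=[]_:-+*$#!",
}


def _length_prefixed(field: bytes) -> bytes:
    # Length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
    return struct.pack(">I", len(field)) + field


def master_key(name: str, master_password: str) -> bytes:
    """Step 1: stretch the master password, salted with the user's name."""
    salt = SCOPE + _length_prefixed(name.encode("utf-8"))
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2**15, r=8, p=2, maxmem=2**27, dklen=64)


def site_password(key: bytes, site: str, counter: int = 1,
                  template: str = "long") -> str:
    """Step 2: derive a per-site seed and map it onto a template."""
    msg = SCOPE + _length_prefixed(site.encode("utf-8")) + struct.pack(">I", counter)
    seed = hmac.new(key, msg, hashlib.sha256).digest()  # 32 bytes
    choices = TEMPLATES[template]
    pattern = choices[seed[0] % len(choices)]
    # One seed byte per output character; the modulo introduces a slight
    # bias toward the first characters of each class.
    return "".join(CLASSES[c][seed[i + 1] % len(CLASSES[c])]
                   for i, c in enumerate(pattern))


if __name__ == "__main__":
    key = master_key("Jane Doe", "correct horse battery staple")  # constructed inputs
    print(site_password(key, "example.com"))
    print(site_password(key, "example.com", template="pin"))
```

Nothing is stored: the same name, master password and site always reproduce the same output, and incrementing `counter` yields a fresh password for a site without changing the master password.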

MasterPassword (the original) had some issues I found were against user adoption, such as ease of use, branding, technical slowness and adaptation. MasterPassX aims to fix these, while being fully compatible with its ancestor.

Both MasterPassword and X are free as in beer, and free as in freedom, with MasterPassX being licensed under the permissive MIT license. The whole source code can be viewed on GitHub.

Support for multi-user setups.

It is available as a web app, which you can add to the home screen on your mobile devices for a near-native experience.

Browser extensions for Firefox and Chrome are available.

Browser extension demo.

Give MasterPassX a try now for free!

