Makes secure, unique-per-site passwords.
Works offline. No central database to get hacked. Good for these reasons.
Getting Your Settings Right
You should check out the Settings before using the app for all your passwords, as it's a bit
messy to change them later.
Here's what they do:
- Length of passwords – How long the output passwords should be for each site – not
including the extra fixed number if you enable that setting. The default is 15 because unfortunately a few
sites limit passwords' length to 15 or 16 characters – some even cap them at 12. (You should probably
complain to the owners of any sites with this kind of upper limit, as it weakens your security and theirs.) The
longer you make the output, the stronger your passwords will be but the more sites will ask you to trim them
down. Depending on your appetite for convenience vs. security, lengths of 20 or even higher may be worth
considering, but keep in mind you may have to manually shorten the results for some sites.
- Possible characters – Another trade-off. The default is Alphanumeric
because quite a few sites unfortunately disallow some symbols that can be included when you pick
Alphanum + symbols. As with higher lengths, adding in symbols makes things more secure but less
- Minutes to remember master password – This doesn't affect your passwords, just how
the app behaves on your phone. If you set it to 0 we'll try to clear it once it looks like you're done
with the Make a Password screen, but you should still be careful and lock & encrypt your phone for
- Hash algorithm – This one's pretty complicated. If you haven't used a different choice
with another extension or app already, probably stick with the default.
- Add a fixed number? – This is a quick shortcut to help you out when sites require
a number in your password. It doesn't really make things more secure, but helps you meet that criterion by
sticking the exact same digit onto the end of each password. You can use Password Suffix to get the
same effect in some browser extensions and other apps.
- Use just domain name? – Only turn this off if you are using the app in an unusual way
or need every page to have its own different password, even on the same site. For most people this should stay
on. You'll see a warning on the Make a Password screen if you turn it off.
What About Desktop?
Because the Webful app follows the existing PasswordMaker protocol,
you've got options outside the mobile world too, including desktop browser extensions for
There will probably be a web version of the app soon too, similar to
this but with the simplified interface of the Webful
The PasswordMaker app sends no data to our servers, or anyone else's, except as required
by your phone vendor.
As the password making is deterministic
we don't actually need a server, so nothing leaves your phone.
There are no accounts and nothing tracking your usage.
The app is pretty simple for now, favouring ease of use over making passwords fit with every single site's rules.
If there's demand for them we could add some of the more complicated options found in some of the older
PasswordMaker apps out there. Get in touch if you have any ideas!
I'd love to hear your thoughts! Please email email@example.com