Help

Basic usage:

Enter the Password, or use biometric authentication (), to open the app.
Enter password hint in the Enter Hint box.
Press Enter key or click one of the arrows ( or ) next to the Enter Hint box to generate password. It will be automatically copied to the clipboard.
Paste this generated password from the clipboard where needed.

...or read on for more...

Installation and Settings

When you first visit the HPASS site, generic settings are initialized to default values, encrypted using Password (a.k.a. Master Password a.k.a. HPASS Password) as a key, and saved locally on your device.

Secret (🤫): is initialized to a random string, e.g. "ypiG_8s1nUCNcv5l". Purpose of Secret is to generate unique passwords for each user. You can keep it as is, or change it to a longer string for enhanced security. You can generate random string using HPASS, or an online random string generator (e.g. random.org/strings). Alternatively, you can change it to a memorable customized value, but it would likely be less secure.
Special Character (🌶): "_" i.e. underscore; multiple characters are allowed in this field.
Length (📏): 15

Default values for Special Character and Length are selected to satisfy most sites. You may need to change them if some site enforces password requirements inconsistent with your generic values e.g. doesn't allow "_", requires a password shorter than 15 characters, etc. These will be site-specific settings.

Click the gear button () to view, modify, save, export, and import settings.

IMPORTANT: Keep generic and site-specific settings stored safely. You'll need them to generate the same passwords if your device or device's data are lost.

Multiple devices

To generate the same passwords, you have to have the same settings on each device. To make synchronization easier, settings can be exported (

) - encrypted or plain text - from one device and imported (

) on another using simple JSON format.

Extra security

The two additional settings provide an extra layer of security if your device and settings are compromised:

Top Secret (🤐): any string (default: empty string)
Warm up (🔥): the number of warm up rounds for PRNG (default: 0)

These two settings are not stored, and are discarded at the session's end or page reload. You need to enter them every time to generate passwords. This is a small price in for high-value passwords (bank accounts, social security, etc.) if you're concerned about data security on your device.

The password prompt entered in the Enter Hint box at the top of the screen together with Secret, Special Character, Length, and Top Secret are used to construct the seed for PRNG (Pseudo-random Number Generator). This seed, together with Warm up parameter (number of warm up rounds for PRNG), determines the generated password i.e. the same values always generate the same password.

Icons

Generate

Edit

Save

Export

Import

Help

Info

Biometrics

Support

Change

Lock

Reset

Install

Contact

Email info@hpass.app to ask questions, suggest improvements, etc.

Frequently Asked Questions

One simple way to change password periodically, is to add a counter to the Special Character field and save new value as site-specific setting. For example, you change "_" to "_1", next time to "_2", etc.

NOTE: NIST now recommends againts forced periodic password changes. From NIST SP800-63B: [...] Do not require that passwords be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise [...]