I built an Android password manager with a deliberate constraint: your PIN is never stored anywhere – not on device, not on any server, not in backups. If you forget it, your data is gone.
Most password managers have recovery mechanisms. Those mechanisms are attack surfaces. I wanted to see what a password manager looks like when you eliminate that entirely.
How it works:
- Your PIN derives the AES-256 encryption key
- Secrets are encrypted at rest on your device
- Optional Google Drive backup (uploaded in its encrypted form – Google only sees ciphertext)
- System autofill service for apps/browsers
- TOTP authenticator built-in
- Export to password-protected ZIP if you want to leave
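The post does not say which KDF or cipher mode the app uses, so the following is an added illustration of the "PIN derives the key, secrets encrypted at rest, backup is ciphertext only" design, not the app's own code. It assumes PBKDF2-HMAC-SHA256 (implemented here over Go's standard library so it runs without extra modules) with an assumed iteration count, and AES-256-GCM with a random per-vault salt and per-blob nonce. The sealed blob is `salt || nonce || ciphertext+tag`; nothing in it lets anyone recover the PIN or the key, which is the property that makes "no recovery" hold for on-device storage and for a Drive backup alike. The sample PIN and secret are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	saltLen    = 16
	nonceLen   = 12
	keyLen     = 32     // AES-256
	gcmTagLen  = 16
	iterations = 100000 // assumed work factor; tune to the target device
)

// ErrWrongPINOrCorrupt is returned whenever GCM authentication fails. A wrong
// PIN and a tampered blob are indistinguishable on purpose.
var ErrWrongPINOrCorrupt = errors.New("decryption failed: wrong PIN or corrupted blob")

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF.
// T_i = U_1 xor U_2 ... xor U_c, U_1 = PRF(P, S || INT(i)), U_j = PRF(P, U_{j-1}).
func pbkdf2SHA256(pin, salt []byte, iter, outLen int) []byte {
	mac := hmac.New(sha256.New, pin)
	var out []byte
	for blockIdx := uint32(1); len(out) < outLen; blockIdx++ {
		var be [4]byte
		binary.BigEndian.PutUint32(be[:], blockIdx)
		mac.Reset()
		mac.Write(salt)
		mac.Write(be[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:outLen]
}

func newGCM(pin string, salt []byte) (cipher.AEAD, error) {
	key := pbkdf2SHA256([]byte(pin), salt, iterations, keyLen)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under a key derived from pin. The salt is bound as
// associated data so it cannot be swapped without failing authentication.
func Seal(pin string, plaintext []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	gcm, err := newGCM(pin, salt)
	if err != nil {
		return nil, err
	}
	blob := make([]byte, 0, saltLen+nonceLen+len(plaintext)+gcmTagLen)
	blob = append(blob, salt...)
	blob = append(blob, nonce...)
	return gcm.Seal(blob, nonce, plaintext, salt), nil
}

// Open re-derives the key from pin and the stored salt. Only a correct PIN
// yields a valid tag; there is no other path back to the plaintext.
func Open(pin string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen+gcmTagLen {
		return nil, ErrWrongPINOrCorrupt
	}
	salt := blob[:saltLen]
	nonce := blob[saltLen : saltLen+nonceLen]
	ct := blob[saltLen+nonceLen:]
	gcm, err := newGCM(pin, salt)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, nonce, ct, salt)
	if err != nil {
		return nil, ErrWrongPINOrCorrupt
	}
	return pt, nil
}

func main() {
	// Constructed sample: a PIN and one stored credential.
	blob, err := Seal("482913", []byte("example.com / alice / hunter2"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("backup-safe blob: %d bytes, no key material inside\n", len(blob))
	if pt, err := Open("482913", blob); err == nil {
		fmt.Println("correct PIN:", string(pt))
	}
	if _, err := Open("000000", blob); err != nil {
		fmt.Println("wrong PIN:", err)
	}
}
```

Because the salt and nonce are random, the blob changes on every Seal even for the same PIN and plaintext, so an attacker holding a Drive backup cannot confirm guesses offline against a fixed reference value; the only check available is the PBKDF2 work per guess, which is why the iteration count and PIN length set the real security margin of this design.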
What you give up:
- No recovery if you forget your PIN
- No real-time multi-device sync
- No web interface
The idea isn't that this is better for everyone. It's that for users who want verifiable privacy over convenience, the trade-off makes sense. You don't have to trust my privacy policy – you can verify that there's no recovery mechanism to exploit.
Free tier: 5 passwords. $1 one-time for unlimited.