Passify

Frequently Asked Questions — General

How is Passify different from any other password manager?

There are significant differences between Passify and other password managers:

  • Passwords are not stored: Algorithmic passwords are generated rather than stored and are only available after a Private Secret is provided.
  • Stored data does not expose passwords: Passwords are not exposed if device is lost, stolen or compromised
  • Safe Syncing: Passwords are not exposed if sync data is compromised
  • Decentralized Sync: Completely user controlled, including where data is stored and not aggregated with other users' data

How is Passify able to remember my passwords without storing them?

Instead of storing passwords, Passify stores "Generators", which are a collection of generation rules for each of your passwords. By themselves, these rules are unique to you and cannot be used to determine your password. The rules define things such as a random unique identifier, when the password was created, which characters are allowed, which characters are required, the required length of the password, etc.

Personal Secret   +   Generator   =   Algorithmic Password

When you need to retrieve a password, Passify takes these generation rules, combines them with your Personal Secret (which is not stored), and calculates the password using a special algorithm. As long as the exact same input values — your rules and Personal Secret — are used, the same password will be calculated.

What is a Personal Secret?

A Personal Secret is the key to generating passwords unique to you. It is a special value that only you know. With a single Personal Secret that you remember, Passify can generate an infinite number of passwords.

As long as you provide the exact same Personal Secret each time, Passify will generate the same password. Any variation in the Personal Secret will yield completely different passwords.

There is no way to generate your passwords without your Personal Secret, so be sure you remember it!
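
An added sketch of the "Personal Secret + Generator = Algorithmic Password" idea and of the sensitivity to the Personal Secret described above. It is not Passify's algorithm, which this page does not specify: the Generator field names, PBKDF2-HMAC-SHA256 with 200,000 iterations, and the SHA-256 counter stream are all assumptions chosen for illustration.

```python
import hashlib
import string

# Constructed Generator record; field names are assumptions, not Passify's format.
GENERATOR = {
    "id": "3f9c2a7e-constructed-example",      # random unique identifier
    "created": "2024-01-15T09:30:00Z",         # when the password was created
    "length": 16,                              # required length
    "allowed": string.ascii_letters + string.digits + "!@#$%",
    "required": [string.ascii_lowercase, string.ascii_uppercase, string.digits],
}

def _stream(secret, gen):
    """Endless deterministic byte stream keyed by the secret and the rules."""
    salt = f"{gen['id']}|{gen['created']}".encode()
    # Slow KDF (assumed choice) so each guess at the secret is expensive.
    key = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)
    counter = 0
    while True:
        yield from hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1

def _pick(stream, n):
    """Unbiased index in range(n), n <= 256, by rejection sampling."""
    limit = 256 - (256 % n)
    for b in stream:
        if b < limit:
            return b % n

def generate(secret, gen):
    """Recompute the password from the secret and the rules; nothing is stored."""
    stream = _stream(secret, gen)
    # One character from each required class, then fill from the allowed set.
    chars = [cls[_pick(stream, len(cls))] for cls in gen["required"]]
    while len(chars) < gen["length"]:
        chars.append(gen["allowed"][_pick(stream, len(gen["allowed"]))])
    # Deterministic Fisher-Yates shuffle so required characters are not always first.
    for i in range(len(chars) - 1, 0, -1):
        j = _pick(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

if __name__ == "__main__":
    print(generate("correct horse battery", GENERATOR))
```

Changing one character of the secret or the Generator's id yields an unrelated password, while the Generator record itself contains nothing derived from the secret.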

What should I use for my Personal Secret?

Your Personal Secret doesn't need to be as complicated as a typical password. However, you should still use something that is hard to guess but easy to remember and type.

  • A longer Personal Secret is better.

  • Avoid using public knowledge or personal information.

  • Using all lowercase, all uppercase, or all digit characters is okay if you use a longer secret.

  • Don't make your Personal Secret too complicated.

Can I change my Personal Secret?

Your Personal Secret is not permanently stored and you can freely switch between Personal Secrets at any time simply by tapping the lock icon or shaking your device.

Using different Personal Secrets will yield completely different passwords. Don't forget your original Personal Secret if you need to generate those passwords!

Why not just randomly generate passwords?

Purely random passwords must be stored somewhere or you would have no way to retrieve them. Storing passwords represents an inherent security risk which Passify mitigates by removing the need to store passwords at all.

Passify's algorithm generates passwords that appear completely random without the need to store them.

Why not just store passwords? Aren't they stored by websites anyway?

Hopefully the websites you are using are not storing your passwords, as this represents a severe security risk and has never been considered a security best practice!

Regardless, Passify's goal is to provide the benefits of a traditional password manager without the risk of storing passwords in an additional, possibly centralized location outside of your explicit control.

Passify easily allows you to use unique passwords for every website. So, if the websites you visit are improperly storing your passwords, a data breach at any of those locations would at least limit your password exposure to those particular sites and the rest of your passwords would remain unaffected.

What information does the application collect, track or report?

Passify does not collect, report or transmit any usage or activity data of any kind.

To facilitate password generation, some data is recorded by Passify as part of each Generator. For example, the date and time when you last changed a password is recorded so that Passify's change reminder feature can function. This data remains encrypted, under your control and is not reported or transmitted.

If you enable certain features that rely on third parties (e.g. syncing using a provider that is not controlled by you), there may be other privacy considerations. Please see the Passify Privacy Policy for more information.

How do I move my existing passwords into Passify?

Unfortunately, you can't. Passify has no mechanism for storing passwords. All passwords that Passify manages for you are algorithmically generated on-demand.

To migrate to Passify, you will need to replace your existing passwords.

In our experience, the easiest way to manage this migration is to do so slowly over time using the following practices:

  • Whenever you need to log into an existing account that isn't already using a Passify password, take that opportunity to migrate your existing password to Passify.
  • Whenever you set up a new account somewhere, use Passify to generate the password.
  • If a website that isn't using a Passify password requires you to update or change your password, use the opportunity to migrate that password to Passify.
  • If you're updating or adding 2-Factor Authentication to a login, update to a Passify password and use Passify to manage your 2FA as well.

Alternatively, you can simply update all of your passwords at once, but the choice is up to you.

Does Passify support Passkeys?

No. In order for Passkeys to work, special secrets must be stored on your device, and your device must be online and able to communicate with the authorizing service.

These two requirements conflict with Passify's principles of not storing passwords and working offline.