When you are creating a new password, PfP will offer you a choice between a generated and a stored password. With the former, it will choose a strong unique password automatically. The latter allows you to enter a password that you choose yourself.
The recommendation is to use generated passwords whenever possible. Why is that and when should you use a stored password?
By default, PfP will lock your passwords after 10 minutes of inactivity. In order to access your passwords, you have to enter the master password again. This is inconvenient, so why is it doing this?
Once you’ve entered your master password, all passwords stored in PfP are unlocked. Anybody sitting in front of your device at that moment can retrieve any or all of them. That’s perfectly fine of course as long as that anybody is you. But what if you left your device unattended? Do you always lock your device when leaving? And if not, what it your co-workers, friends or even children open up PfP while you aren’t there?
A strong master password is the main protection of the data you store in PfP. With common passwords and dictionary words too easy to guess, you should go for something better.
When setting a new master password, PfP will aid you by indicating the strength of your chosen password. Red means a very weak password, green a good one. PfP will also recognize some common passwords and flag them as weak.
PfP can automatically upload your data to a storage provider. This is useful to synchronize it between multiple devices or simply as an automatic backup.
The supported storage providers are currently Dropbox, Google Drive and any service supporting remoteStorage protocol. The provider isn’t being trusted in this setup, they can neither read not manipulate your data.
What if your PfP data ever gets corrupted or you simply don’t have access to your device? Usually this doesn’t mean that you have to recover access to all your accounts, there are various ways to recover your PfP data.
Why is this tool’s name stressing the pain of using passwords? The reason is that passwords are currently designed for robots with infinite and infallible memory, not humans. No person can come up with strong individual passwords for every website and remember them.
Actual people will resort to various strategies to cope with this situation. Usually it boils down to reusing passwords between websites and/or overusing “Forgot password” feature. Both have considerable security drawbacks.