Generated or stored password?

When you are creating a new password, PfP will offer you a choice between a generated and a stored password. With the former, it will choose a strong unique password automatically. The latter allows you to enter a password that you choose yourself.

Choice between generated and stored passwords offered by PfP

The recommendation is to use generated passwords whenever possible. Why is that and when should you use a stored password?

Keyboard navigation

Do you prefer using the keyboard instead of clicking? All PfP functions can be reached using keyboard only, and it’s even more convenient than using the mouse.

The main keyboard shortcut you need is Ctrl+Shift+F which by default will open the PfP pop-up. There you can access all PfP functionality then.

Why enter the master password so often?

By default, PfP will lock your passwords after 10 minutes of inactivity. In order to access your passwords, you have to enter the master password again. This is inconvenient, so why is it doing this?

Once you’ve entered your master password, all passwords stored in PfP are unlocked. Anybody sitting in front of your device at that moment can retrieve any or all of them. That’s perfectly fine of course as long as that anybody is you. But what if you left your device unattended? Do you always lock your device when leaving? And if not, what it your co-workers, friends or even children open up PfP while you aren’t there?

Choosing a master password

A strong master password is the main protection of the data you store in PfP. With common passwords and dictionary words too easy to guess, you should go for something better.

When setting a new master password, PfP will aid you by indicating the strength of your chosen password. Red means a very weak password, green a good one. PfP will also recognize some common passwords and flag them as weak.

Data synchronization

PfP can automatically upload your data to a storage provider. This is useful to synchronize it between multiple devices or simply as an automatic backup.

Sync status displayed by PfP

The supported storage providers are currently Dropbox, Google Drive and any service supporting remoteStorage protocol. The provider isn’t being trusted in this setup, they can neither read not manipulate your data.

Recovery strategies

What if your PfP data ever gets corrupted or you simply don’t have access to your device? Usually this doesn’t mean that you have to recover access to all your accounts, there are various ways to recover your PfP data.

Backup options available on the All Passwords page

What’s so painful about passwords?

Why is this tool’s name stressing the pain of using passwords? The reason is that passwords are currently designed for robots with infinite and infallible memory, not humans. No person can come up with strong individual passwords for every website and remember them.

Actual people will resort to various strategies to cope with this situation. Usually it boils down to reusing passwords between websites and/or overusing “Forgot password” feature. Both have considerable security drawbacks.

Could my passwords be compromised?

There are plenty of malicious actors seeking access to your passwords. This article provides an overview of the common threats which might compromise your passwords.

Using PfP helps avoid several of these scenarios completely. For others, PfP will reduce the impact. The only scenario where PfP cannot help at all is a malware application running on your device.