Frequently Asked Questions

FrankPass is a stateless, deterministic password generator. Instead of storing your passwords in a vault, it derives them mathematically each time from three inputs you provide: a platform name, your secret key, and a variant number. It uses PBKDF2 and HMAC-SHA512 with 1,000,000 iterations — running entirely in your browser via the Web Cryptography API. Zero cloud, zero storage, zero accounts. The same inputs always produce the same password, on any device, forever.

Traditional password managers encrypt your passwords and store them — either on their servers or in a local file. This creates a target. When LastPass was breached, attackers downloaded millions of encrypted vaults and began cracking them offline. FrankPass stores nothing. There is no vault to steal, no file to crack, no database to breach. Your passwords are re-derived mathematically on demand from inputs that never leave your mind or your device. The security model is architecturally different, not just incrementally better.

Nothing changes for you. If you've installed FrankPass as a PWA (tap the install icon in your browser), it works fully offline and permanently — even if this domain expired tomorrow. The algorithm is open, documented, and based entirely on web standards (PBKDF2 + HMAC-SHA512), so it can always be re-implemented by anyone. Your passwords are mathematical outputs, not stored data — they can't disappear because they were never stored.

Never. Your Secret Key is processed only in your browser's volatile memory and is never transmitted to any server, never written to disk, never logged anywhere. To reinforce this, FrankPass automatically clears the Secret Key input field after 2 minutes of inactivity. No network request is ever made during password generation — you can verify this by opening your browser's network tab before generating a password.

Yes. Once the page has loaded once, you can disconnect your internet and the generator continues to work perfectly. The entire cryptographic computation happens inside your browser using the Web Cryptography API — no server is contacted during generation. For permanent offline access, install FrankPass as a PWA: look for the install icon in your browser's address bar, or go to your browser menu and choose "Add to Home Screen". After installation, FrankPass works like a native app — no internet required, ever.

Because FrankPass is zero-knowledge and stateless, there is no "Forgot Password" feature and no recovery mechanism — by design. Your Secret Key is the mathematical foundation of every password you've ever generated with it. If you forget it, you will need to reset your passwords on every affected website individually. This is why we strongly recommend choosing a Secret Key that is deeply memorable to you — a personal phrase, a pattern based on a meaningful memory, or a lyric only you know. Write it down and store the physical copy somewhere extremely secure (like a safe), separate from your devices.

The cryptographic engine uses only open web standards — PBKDF2 and HMAC-SHA512 via the browser-native Web Cryptography API. There is no proprietary or custom cryptography. The algorithm is fully transparent and auditable: the entire derivation logic is in frankpass-core.js, which you can inspect in your browser's developer tools. No black boxes. No security through obscurity. The algorithm is documented in full in the documentation.

FrankPass works on any browser that supports the Web Cryptography API — which means all modern browsers: Chrome, Firefox, Safari, Edge, Brave, Samsung Internet, and Opera, on desktop and mobile. No plugins or extensions are needed for the free web generator. The browser extension (Pro feature) currently supports Chrome, Firefox, Edge, and Brave.

FrankPass uses purchasing power parity (PPP) pricing to make the Pro extension accessible globally. Users in India see prices in Indian Rupees (INR) that reflect local purchasing power, while users in other countries see USD pricing. Your country is detected automatically based on your selection in the country dropdown, and the pricing updates immediately. This is the same approach used by platforms like Spotify and Netflix for regional pricing.

Think of the Variant as a password rotation counter. Two situations call for it: first, if a website forces you to change your password periodically — simply increment the Variant from 1 to 2 (or 3, 4, etc.) to generate a brand-new, secure password for that platform without changing your Secret Key. Second, if you believe your account was compromised — incrementing the Variant immediately invalidates the old password and produces a fresh one. Always remember which Variant number you're using for each platform, since you'll need to match it every time you log in.

Yes. Use the length slider in Advanced Options to set any length between 8 and 32 characters. The Max preset automatically sets it to 32. If a website rejects your password — some older sites have maximum length limits or prohibit symbols — try these steps in order: first, lower the length slider; second, switch the Profile to "Simple" (alphanumeric, no symbols); third, generate again. Critically: note exactly which settings you used, because you must use those same settings every time you log in to that website.

The web generator at frankpass.com is completely free — forever. No account, no trial expiry, no credit card. FrankPass Pro adds the browser extension, which brings 1-click auto-fill, multi-profile management, and automatic platform detection — but the core generator you need for daily use costs nothing. There is no time-limited trial for Pro, but you can fully evaluate FrankPass using the free web tool before purchasing.