The Problem with Storage
Most people use password managers that store their secrets in a "vault." Whether IT'S a cloud service or a local file, that vault is a target. If the service is breached, your entire digital identity is at risk.
FrankPass is different. We don't store. We generate.
What is a Stateless Password?
A stateless (or deterministic) password generator uses an algorithm to convert a set of inputs (like a website name and a secret key) into a unique password. No data is ever saved to a disk or a server.
Input + Math = Password
Same input always produces the same output. No database required.
Why It's Better
- Unbreakable: We use PBKDF2 with 1,000,000 iterations and HMAC-SHA512. This level of hashing makes it computationally impossible for even supercomputers to guess your password in any reasonable time.
- Zero Hackability: Since there is no database to hack, there is no single point of failure. Even if a website where you use a FrankPass password is breached, your Master Key remains safe in your head.
- Access Anywhere: You don't need a specific app synced to your phone. You just need the FrankPass math (which is this website) and your memory. While we will launch convenient browser extensions in the future, the core web experience will remain free forever.
Addressing the "Argon2" Question
While some modern systems use Argon2, we currently utilize a highly-tuned PBKDF2 pipeline. Why? Because PBKDF2 is built into every modern browser's native security engine (Web Crypto API), making it extremely fast for you but prohibitively slow for hackers.
At 1,000,000 iterations, your browser spends a fraction of a second generating the password, but a hacker's GPU would spend centuries trying to guess it.