New Update Master Password, the App that Never Stores Your Passwords


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014

Master Password is a free password manager that does not store passwords on the devices it is run on or in the cloud. The password manager uses a different system when compared to traditional password management programs, such as Bitwarden or KeePass.

Instead of saving user generated passwords in an encrypted database, it computes strong unique passwords using a single master password and the user's name. Passwords do not get saved on the device or in the cloud, but the system that Master Password uses still supports usage on multiple devices without syncing.

Master Password for Android is a port of the iOS application of the same name. The original developer of Master Password published a revised version, called Spectre, in 2021 that is backwards compatible.


How Master Password works​

Master Password computes all passwords on every start using the user's selected master password and name. The method offers several advantages over traditional password managers.

One advantage is that there is no encrypted password database that may fall into the wrong hands. Other password managers store passwords in an encrypted container, which may be copied by malicious actors.

Since there is no password database, there is no need for synchronization or a cloud connection. Users just need to install the application on their other devices and use the same master password and user combination to generate the same passwords for the services that they are using. All of this happens offline, an Internet connection is not required.

The password manager generates a key from the username and master password to generate passwords for services. The service name, e.g., amazon or ghacks, is used in the computation, and a unique password is generated based on the data.

The beauty of the solution is that the user has to remember just a single master password and username. Service names are relevant as well, and most users may want to use the name of a company or domain for that

Users get a few configuration options when a new service password is generated for the first time. They add a unique name for the service and may specify the complexity of the password. The default is set to maximum security, which generates 20 character passwords that consists of letters, numbers and special characters. Options to switch this to less secure passwords, a PIN or phrases are also provided.

Internet services may still get compromised and there is a chance that attackers may obtain user passwords. Master Password includes a site counter option, which allows users of the service to generate a new password for any of the stored services to replace the compromised one.

The application remembers the names of the services and, if added by the user, the login name. An attacker could, in theory, gain access to the app on the Android device if the right master password is entered during login. An ingenious feature of Master Password is that it accepts any other master password as well.

Master Password includes a number of convenience features. The app supports categories and notes, there is an option to import and export data, visualize password age, and to block the saving of the username that is used during sign-in.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.