Work in progress ...

Stop storing passwords

Start using a simple mnemonic

Next generation password manager

Allows you to work with classic and mnemonic passwords. No need for constant synchronization, no need to use a master password, no user restrictions.


For Android and Windows 10/11

passamaru - password manager

01. Main idea of passamaru

Classic password managers store all your passwords in one place and use one common master-password to protect them. This is their main vulnerability. It is enough to pick up only one key and all saved passwords will be available.

Passamaru is based on a fundamentally different concept, which sounds like: "Stop storing passwords." If you do not store passwords, then hacking the program and selecting keys loses all meaning. And this can be achieved thanks to mnemonics.

You are offered several options at once:
  1. Do not store passwords at all
    The most important passwords may not be stored anywhere at all. You don't even need to create entries in the program's library and you don't need to memorize them. Only you and no one else will know about the existence of these passwords. Such passwords are created using the mnemonic technique and only at the moment when they are needed. At the same time, the complexity and length of the password can be absolutely any. For understanding, just imagine a password of unlimited length, which is not stored anywhere, but which you can recover on any device with just one click.
  2. Store only technical data
    In most cases, only auxiliary information can be stored instead of real passwords. For example: login, site address, entry editing date, or just a few completely random characters. For outsiders, such information will be useless, and you can use it to recover your real password.
  3. Store passwords with dynamic protection
    If it is more convenient for you to store passwords, then in this case passamaru will use two encryption algorithms at once with two independent keys. But even if an outsider gains access to the library, he will encounter dynamic protection, which replaces the real password with a random set of characters. The thing is that, unlike classic password managers, passamaru never stores real passwords, even if you think you have saved them. It sounds strange, but this is possible due to the fact that passamaru uses a fundamentally different concept of work.

02. Main advantage

Thanks to the use of mnemonics and completely offline operation, the security of passamaru reaches a whole new level, unattainable in classic password managers. Hacking a program that doesn't store passwords makes no sense. The only way to steal a password is to intercept it with third party hardware or software. Therefore, it is recommended to use passamaru only on trusted devices.

03. Main disadvantage

Passamaru is more complicated than classic password managers and requires some time to understand and create your own behavior algorithm. Because of this, some users uninstall the app without even reading the instructions.
In fact, passamaru is designed in such a way that you create the level of complexity that suits you. The app doesn't force you to do anything you don't want to do. All you need is to understand the general principle of operation. Just start reading the instructions and see typical examples.
If you have never worked with mnemonics before and it is difficult for you to come up with your own mnemonic rule, then just start storing passwords in passamaru, as in classic password managers. Over time, you will get comfortable and will be able to gradually move to the use of mnemonics.

04. Capabilities and features

  • An unprecedented level of security when using mnemonics, unattainable in classic password managers
  • Creation and storage of classic passwords of any complexity
  • Creation of mnemonic passwords of any complexity without the need for storage
  • Ability to combine classic and mnemonic passwords with only part of the password stored
  • Storage of bank card data
  • Storage of text records
  • Simultaneous use of two encryption algorithms at once (AES-256 and cryptamaru) with two independent keys
  • Additional third encryption algorithm with random character substitution for the "Cards" and "Storage" sections
  • Ability to use a separate encryption key for each entry in the "Cards" and "Storage" sections
  • Dynamic encryption keys for each entry at the software level
  • You can remember and recover a password of any complexity, knowing only one initial character
  • Several operating modes designed for users with different requirements and tasks
  • Lack of network access at the operating system level to exclude surveillance of users
  • Manual synchronization between devices and creation of a backup archive under the full control of the user
  • Two-level mechanism for protecting mnemonic passwords from random coincidence for different users
  • The user can independently determine the degree of data protection and the level of complexity
  • For particularly sensitive passwords, you can leave no records and thus leave no digital footprint.
  • In certain circumstances, the program can be used without creating any entries in the "Passwords" library
  • The mnemonic master-password does not need to be stored somewhere and is easier to use with frequent authorization

05. Classics and mnemonics

There are two basic types of passwords:
  • Classic passwords
    Difficult to remember, so they need to be stored somewhere. Usually, password managers or a piece of paper are used for this.
  • Mnemonic passwords
    It is easy to remember and can be quickly retrieved from memory by following a series of simple steps. There is no need to store them, which significantly increases safety.
Passamaru can work with any types of passwords of any complexity without any restrictions, and also allows you to combine different types of passwords.

06. Mnemonic is very simple

The mnemonic is based on two simple steps:
  • Start value (base)
    Absolutely anything can be used as the basis of a mnemonic password: website or email address, username, pet name, e-wallet number, song title, device serial number, color, date, and generally any word, phrase, or even just one letter or number. That is what you can easily remember. At the same time, the basis of the mnemonic password does not have to be hidden, it can be stored in the clear and in a conspicuous place.
  • Sequence of actions
    For example: double click on the green button, then once on the red button, move the cursor to position 5 and click on the table cell with index 36.
    Before you start working with the program, you need to create and remember one common sequence of actions that will be used for all your passwords. You determine the complexity of the sequence yourself. But remember that it will not be possible to change it in the future. Only the starting value will change.

07. Try to remember the password: 5.L!}ByZ3R"bKV{'B9E_"tant]zNce,-

You don't really need to remember anything. This password is created using mnemonics in just one click. Yes, it only took one push of one button. Since this is a mnemonic password, you can repeat the same action on any other device and get the same result. At the same time, the created password is not stored anywhere, it is created each time according to a complex algorithm in response to your actions.
This needs to be said again. The password in this example is not just a random set of characters. This is a mnemonic password. It can be repeated at any time and on any other device by pressing the same button in the same way. You do not need to remember or write down every character of this password, you only need to remember one button.

08. Protection against random matches

The protection mechanism that uses two parameters at once is responsible for creating unique passwords for different users in the program: pin-code and master-key. For security reasons, it is recommended to use both of these options. In this case, no one can accidentally repeat your password, even if it is created in one click, as in the example above.
But if security is not important to you, then it is enough to use only a pin-code or even an empty pin-code and an empty master-key. The program does not impose any actions on you and provides complete freedom of choice.

09. Possibly the most secure password manager

If you use mnemonics, then the passwords are not stored anywhere and hacking the program loses all meaning. But even if you store passwords, then two algorithms are used at once to encrypt them: AES-256 and cryptamaru. And in order to gain access to encrypted data, you need to pick up not one, but two independent keys at once, as well as bypass dynamic protection for each entry. But this will not be enough, since passamaru does not store passwords.

10. Passamaru never stores passwords

If we talk about classic passwords, then any password is a regular text string. Even if password managers store them in encrypted form, they still contain real characters.
In passamaru, everything is arranged differently. Each character of the password is replaced with a cell index from the mnemonic table. In turn, the contents of the cells depend on the pin-code. Without the correct pin-code, you will get just a random set of characters.
If you use mnemonic passwords, then an attempt to crack the program and select a pin-code lose all meaning, since in this case the program does not even store indexes.

11. Don't leave a digital footprint

One of the advantages of mnemonics is that it allows you to hide the existence of an account and its password. Just don't create an entry in the program's library. In this case, if an outsider gains access to your program, he will not see entries that are not there. At the same time, using mnemonics, you can easily recover your password at any time and on any device.

12. Multilevel protection system

Unlike classic password managers, passamaru uses a multi-level protection system:
  • Pin-code
    Generates a unique mnemonic table, manages the program algorithms and partially encrypts data.
  • Master-key
    Together with the pin-code, it creates unique passwords for the current user.
  • Sequence of actions
    Generates unique passwords based on user actions.
  • Master-password
    Together with a pin-code, it encrypts data and closes access to sections of the program.
Remember, the more protection levels you use, the better your data is protected. In this case, you are not required to use a pin-code, a master-key, or even a master-password. The program will work without them. The choice is always yours.

13. Additional encryption key for the paranoid

In the "Cards" and "Storage" sections of the program, an additional encryption key can be used for each entry. This key is used to encrypt bank card data and user text using an obfuscated algorithm with random character replacement.
There is only one limitation, the algorithm works for languages: english (EN), russian (РУ). Over time, new languages will be supported.

14. Auto mode makes the job easier

The program has the ability to switch to automatic mode. In this case, for each of your actions, the program will create complex mnemonic passwords of the specified length. Click on any cell of the table or enter the site address and you will immediately get the result that does not require additional actions.

15. Record a macro from your actions

A mnemonic involves performing a series of actions to recover a password. On the one hand, these actions are one of the elements of protection, on the other hand, it can be difficult to repeat the same actions every time. In this case, the sequence of actions can be recorded as a macro and performed by pressing a single button. This is very convenient, but less secure.

16. You are not limited in anything

Passamaru is designed in such a way that it does not force the user to do what he does not want to do. You decide how to use the program, store passwords or not, use a pin-code or not, whether you need a master-password or not. You can just use only one "Key" page without storing anything in the library and without configuring anything. The choice is yours.

17. No tracking

Passamaru is focused on maximum security and does not spy on users. Moreover, the program does not have permissions to access the Internet, which means that the application cannot send any data to the developer or third parties. For this reason, synchronization between devices is possible only in manual mode by the user himself.

The project is created and supported by amaru: 2020 -2024


Password manager

Work in progress ...