Nothing to keep.

A password manager that stores nothing. Your passwords are recomputed on demand, identical on every device, with no cloud and no sync.

regenerating · never stored

Try it live Install for Chrome Pre-release Get the source

the magic moment

Same inputs in, same password out.

Watch it. The same three inputs always produce the same password — anywhere, anytime. There is nothing to store because there is nothing to lose.

master

·

site

·

email

·

argon2id

derived password

No network. No storage. The same function runs on every device — the extension on Chrome, the demo on this page, your phone tomorrow.

how it works

A function, not a vault.

Keyfount doesn't keep your passwords anywhere. It recomputes them on demand from three inputs you control — same inputs in, same password out, on any device, with nothing to sync.

01
You remember the master.

Pick a master password you can hold in your head. It never leaves this device.
02
We salt with site and email.

Each derivation mixes your master with the site's registrable domain and the email you use there.
03
Argon2id produces a password.

A memory-hard key-derivation function turns the inputs into a unique, reproducible password — and forgets.

the promise

Less to trust.

Most password managers ask you to trust a vault, a sync service, and the encryption around both. Keyfount asks you to trust a single algorithm — short enough to read in an evening.

No vault
Nothing to encrypt, decrypt, sync or leak.
No cloud
The extension makes zero network calls. Read the bundle and verify.
No telemetry
No analytics, no error reporting, no third-party SDKs.
Open source
Algorithm, UI and tests are MIT-licensed on GitHub.

A vault you don't own can't be stolen, leaked, or held hostage.

the design principle, in one line

derive.ts argon2id · MIT

export async function derive(master, site, email, counter) {
  const salt = utf8(`${site}|${email}|${counter}`);
  const raw  = await argon2id({ password: master, salt, iterations: 3, memory: 65536, parallelism: 1, hashLength: 32 });
  return shape(raw, profile);  // length, char classes, suffix rules
}

The whole derivation, in seven lines of TypeScript. Read the full algorithm →

install

Try it here.

Type a master password, a site and an email. The same algorithm the extension uses derives a password right in your browser — nothing is sent, nothing is stored.

honest objections

The questions you should ask.

A deterministic manager is different. Different brings honest trade-offs — here are the ones that matter.

01 What if I forget my master password?

There is no recovery — by design. The master never leaves your head and never lives on a server, so no one (including us) can reset it. Pick a master strong enough to keep, weak enough to remember. The extension supports an optional, locally-encrypted backup hint to help you settle on one.
02 What if a site forces me to change a password?

Every entry has a counter. Bump it from 1 to 2 and the algorithm derives an entirely new password for the same site — no master change needed. The counter is the only thing the extension actually remembers, and it's just a small integer per domain.
03 How do I migrate from my current manager?

Gradually. Keep your existing vault read-only. For each site you actually use, log in once, change the password to a derived one, and stop syncing that entry. After a few weeks, the vault is empty and you can delete it. No risky bulk import.
04 What about sites with weird password rules?

Each site can have its own derivation profile — length, character classes, suffix rules. The extension stores those profiles (just metadata, never the password itself) so the same site always derives a password that the site will actually accept.
05 Can I trust an algorithm you wrote?

Don't. The derivation is Argon2id, the same memory-hard function recommended by OWASP and used by 1Password's secret key, applied to a small, public mixing scheme. The whole source is on GitHub under MIT, the bundle is reproducible, and the network tab stays empty when you use it. Verify, then trust — in that order.

install

Bring it to your browser.

The extension is in pre-release. The source builds today; the Chrome Web Store listing is next. Star the repo to hear about it.

Get the source Try it live

Nothing to keep.

You remember the master.

We salt with site and email.

Argon2id produces a password.

Bring it to your browser.