"Your mind is your fortress."
Mind Vault is a browser extension that generates unbreakable, unique passwords using SHA-256 cryptography. It is completely stateless, meaning it never stores, saves, or transmits your passwords.
Traditional password managers store your keys in a database (cloud or local). If that database is hacked, your secrets are exposed.
Mind Vault works differently:
- No Database: Passwords are calculated mathematically on-the-fly.
- No Cloud: Everything happens locally in your browser using the Web Crypto API.
- Deterministic:
Master Seed+Service Namewill always generate the same password.
- Cloudless Sync: Access your passwords on any device without internet. Since the math is deterministic, you get the same password everywhere without needing a cloud account.
- Military-Grade Encryption: Uses SHA-256 to hash your inputs.
- Stateless & Offline: Zero data storage. It works completely offline.
- "Safe Set" Characters: Generates passwords compatible with 99% of websites (letters, numbers, and standard symbols like
!@#$%*-_+=). - Anti-Typo Safety: Includes a visibility toggle ("Eye" icon) that auto-hides after 5 seconds to prevent shoulder surfing.
- Smart Clipboard: Copies the password and encourages "copy & forget".
- Multi-Language: Native support for English 🇺🇸 and Spanish 🇪🇸.
(Link pending - Coming soon!)
- Clone this repository or download the ZIP.
- Open Chrome and navigate to
chrome://extensions/. - Enable Developer mode (top right switch).
- Click Load unpacked.
- Select the folder containing the
manifest.jsonfile.
The generation process is transparent and auditable:
- Input: Takes your
Master Seedand theService Name(e.g., "gmail.com"). - Salting: Concatenates them:
Seed || Service. - Hashing: Applies SHA-256 to the result string.
- Mapping: Converts the resulting hash bytes into a human-readable string using a custom "Safe Character Set" to ensure strong entropy.
Mind Vault is built to defend against modern vulnerabilities:
- 2FA is Not Enough: Two-Factor Authentication (2FA) methods can be compromised via phishing or SIM swapping. Your complex, unique password remains the crucial first line of defense.
- Biometrics are Permanent: Biometric data (Face ID, Fingerprint) cannot be changed if compromised by sophisticated hardware or deepfake technology. Mind Vault allows you to change your Master Seed instantly if a breach is suspected, offering a layer of revocable security that biometrics lack.
- Permissions: Minimal permissions required (
clipboardWrite). We do not ask for "Read/Write data on all websites". - Local Processing: All logic runs in
popup.js. No external API calls are made. - Memory Hygiene: The extension popup is destroyed immediately after use, clearing variables from memory.
Mind Vault is free and open source. If you find it useful, you can support its development:
This project is licensed under the GPLv3 License - see the LICENSE file for details.
Created with ❤️ for privacy enthusiasts.