Master Password is a password generation software designed by Maarten Billemont. It’s based on an algorithm that ensures passwords can never be lost. It’s entirely self-contained and doesn’t require internet access, so you can access your passwords no matter where you are, without worrying about the man in the middle attacks or other security risks.

Master Password doesn’t store passwords anywhere, it generates them on demand using your name, the site, and your master password. Your passwords aren’t changing.  They are the product of your name, master password and the site’s name.  So long as those remain constant, the password remains constant. There is also no risk of passwords being intercepted because they aren’t being transferred over the internet “by the app”. Of course, what you do with the password after you get it from the app is entirely up to you.

We asked Maarten about the concept and here is what he had to say:

The reason Master Password protects you against seizure is because you can easily wipe your data or change your master password temporarily.  Let’s say you’re travelling and are planning on crossing the U.S. border.  Knowing the border guards have far-reaching authorization to probe you and confiscate your electronics, you change your master password to a fake one before crossing the border.  This will change all the passwords generated by your app (making them all wrong).  When you are done travelling, you can change your master password back to the original and get your correct passwords again.  If your device is seized or you are compelled to give up your master password, you can do so, without risking any of your site passwords being compromised.

In an age where the NSA and law enforcement provides the biggest risk to privacy, Master Password provides arguably one of the best secure password management solutions.

The Good

Master Password is free to use and is available for Apple, Android, and Web. For average users, this software provides all the security you need by providing randomized passwords for all your websites. It’s a unique idea and an ingenious algorithm.

The Bad

There are still ways to get around Master Password’s security. For instance, if you have a keylogger installed on your device (either from downloading malware, or from someone directly installing it) someone could get your master password, and thus gain access to all of your websites. And if someone really wanted to, they could probably force you to give them the master password, either by a threat of force or arrest.

Conclusion

Master Password is a great product for security-minded users. It provides one of the most secure password management systems on the planet, although pretty much anything can be hacked nowadays. 99.9999% of the time, though, Master Password keeps accounts (almost) completely secure.

The primary claim here is that Master Password isn’t a service.  Like LastPass, it doesn’t store your passwords in the cloud.  It doesn’t sync them between servers.  In fact, Master Password does not provide any kind of service, which means you do not need to rely on or trust the app.  It just provides an open-source, verifiable, audible, security product. Which we think should be good enough for most us!