The MindYourPass on-the-fly Password Generator is a cybersecurity solution that gives you the strongest passwords possible without ever storing them. It is using a patented technology that allows you to use a single, easy-to-remember password for all your accounts, which MindYourPass uses to generate distinct, extremely strong passwords for each of your accounts. MindYourPass calculates your passwords on-the-fly. This means that it can recalculate your password when you need it. Because of this, the generated passwords do not need to be stored in something like a password vault.
OUR USERS ARE ANONYMOUS
MindYourPass is designed in such a way that you are anonymous. We don't know you and we like to keep it that way ;-) When we need to communicate with you, we ask for your consent by asking for your email address. When we're done we forget your email address. This way we cannot track you and we are proud of that.
The only exception is that we keep a list of email addresses of registered users. We cannot connect these email addresses to actual accounts. The only reason we record them is to be able to contact our users in case of an incident.
THE DATA WE COLLECT
Email address. In order to use the MindYourPass password generator, you need a MindYourPass account. During the registration process, we ask for your email address. The e-mail address is used to validate that you own the email address. As indicated, we store the email address in order to be able to contact you in case of an incident. Your account and the collection of email addresses are disconnected. This means that we cannot find your account given an email address, or find your email address given your account.
Master password. We also ask you to enter a master password. This password is not stored. Also not in hashed or encrypted form. It is your proof to the system that you are you.
Device identifier. We generate a device identifier based on the hardware profile of your device. We do not store the identifier itself but a derivation that cannot be tracked back to the identifier. We use device identifiers to ensure that we only handle password generation requests from devices that you authorized.
Additional information. We do not collect other information, such as names, phone numbers, physical addresses or IP-addresses
FOR NORMAL USE
Personal information. MIndYourPass users are anonymous. When signing into MindYourPass you provide a valid email address and your master password. These are not stored and cannot be used to identify you. They are used to derive an anonymous registration id. Passwords are generated based on this anonymous registration id. Generated passwords are not stored and not available on our servers because they are partly generated on your device. URLs are stored as part of the generation process. User names are synced and end-to-end encrypted across devices. The encryption keys are never accessible on our servers. There is no further personal data (such as IP addresses or account information) collected during the password generation process for instance for analytical purposes.
Device identifier. When signing in, we identify your device by calculating a device signature. From this signature, we drive a client identifier. This identifier cannot be used to derive the signature. The client identifier is used to check if the corresponding device is authorized (by you) to access the MindYourPass servers.