Login

A lot of password managers force you to choose and remember a long and complex master password. Even if you use biometric data (e.g. fingerprint) you still need to write it down somewhere or actually memorize it for possible usage. Furthermore you are often allowed to create weak master passwords (which you maybe consider to better remember it).

With ANOTHERpass you can not create your own Master Password, it will be generated for you, so it is strong. Instead of memorizing you export it as QR code or NFC tag (or still write it down). You only need to memorize a self created PIN which can be much easier and shorter (at least 6 characters, but please not 123456 or similar ;-)). When login into the app you only need to remember that PIN and own the master password (QR code or NFC tag).

To make the app more convenient you can store the master password in the app (which is done encrypted of course!). If supported by your device the stored master password will be protected by your enrolled biometrics (e.g. fingerprint). So you just need the PIN to login and your finger. Here if you enter a wrong PIN X times (default is 3), the stored master password will be deleted and you need it directly to login again.

Since it feels insecure to carry the master password as NFC tag or QR code you can carry instead a so called Master Password Token. This is not the real master password but a token to login to the app. Also here, after x times of wrong entered PIN, this token will become invalid and you have to create a new one. And if you loose it, just create a new token and the old becomes invalid.

Password generation

Almost all other password managers have password generators but it is on you to use them. You can still create your own (weak) passwords there. ANOTHERpass has another approach. The app generates passwords for you. You may edit them manually, but remember, generated passwords are mostly more secure than human ones.

The problem with generated passwords is they are hard to read and to type. ANOTHERpass uses therefore so called Pseudo Phrases which are more readable and sound like real words. To increase readability they are formatted in 4 character long words. See an example here which represents the password “Qicayripevomnewafahe” with 20 characters! To guess this password you need to try over 3×10²⁴ (3.000.000.000.000.000.000.000.000) combinations! This is saver than a random 16 character password containing just lower case letters.

missing image

To ensure a hard to crack password this kind is longer then usual generated passwords. In fact the longer a password is the un-crackable it is. Better longer than mixed upper case and digits and special chars but short. This is what ANOTHERpass does. Pseudo Phrase passwords have a length of 4 words á 4 characters (16 characters totally) or more! Of course you can also generate ordinary random passwords (which are a bit shorter). And you can always specify to add digits and special characters as well, because this is often required.

Usage of passwords

ANOTHERpass supports the Android Autofill feature to easily select a credential to autofill into login forms. Besides Autofill you can also display a certain password as Overlay Window over other apps. This is helpful if you want to type a password from ANOTHERpass into another form by hand. Instead of switching between ANOTHERpass and the other app you can show the password in an overlay window as long as you need it. After that you just close the overlay window and the entire app by dropping it on the top edge.

missing image

Password obfuscation

You can decide to protect several passwords in your vault by obfuscating them. Hopefully never but if somebody gets your PIN and Master Password all credentials are readable for them. To protect these super important passwords you can obfuscate them by setting another codeword or password only for this credential password. Now the credential password is obfuscated by the other codeword, which means it is still readable and seems as a real password but only with the correct codeword it appears actually real. In other words, all possible codewords would let the credential password appear real but only you know the real codeword and therefore the real password. Note that only common letters, digits and some common special chars (!?-,.:/$%&@#) can be obfuscated. If you use other chars (e.g. German umlauts) they will remain unobfuscated.

Example: Your real (pseudo-phrase generated) password is “odmi ubew negy cire”. By obfuscating them with the codeword “MAGIC” it will appear “epcy ygoj hicu laka”. Any other codeword than “MAGIC” will show different passwords than your origin one.

Insecure clipboard usage

Many password managers allow copying passwords to the clipboard. This is dangerous because any other app on the phone can silently observe the clipboard and send its content away. With ANOTHERpass you cannot do that by default, but you can enable that feature if needed.

Sync to a cloud

A lot of password managers sync the data to their cloud. You don’t really have control over that data, even if it is encrypted. ANOTHERpass works offline, but therefore you are self-responsible to sync or backup your data. There is a function to export the vault (all your data) to a file. You can of course import this file in any ANOTHERpass app.

This file contains all your data of course encrypted. To make this vault file more secure, you can export it WITHOUT the Encrypted Master Key, which contains the core key to en- and decrypt your data. This key is encrypted with the above mentioned PIN and master password. The Encrypted Master Key can be exported as QR code or NFC tag as well. If you want to import a vault file created without that key, you will need the Encrypted Master Key physically.

Sync and share single credentials

ANOTHERpass provides options to export single credentials as NFC tag or QR code. You can decide to export it decrypted to share with other ANOTHERpass users or vaults. Or you export it encrypted to backup single credentials or to “outsource” them. That means you export it first and delete it afterwards from your vault. If you want to read or import it back, you just scan it within your vault. Since the credential is still encrypted with your Master Key nobody else than you can read it.

Autofill support

ANOTHERpass supports Android Autofill introduced with Android 8. You have to choose ANOTHERpass as Autofill service in the Android settings (“Autofill services”). The Autofill support is currently in beta state since heuristics to identify input text fields is quite complex. The app provides two strategies to detect such fields, one more and one less strict. If you encounter fields that are not detected for autofill, you should go to “Settings” / “Autofill” and enable “Autofill suggestion everywhere”.

Labels

All your credentials in your vault can be tagged with labels to categorize them. You can give the labels different colors to recognize them easier. You can also filter by them.

Self destruction

If you like you can activate Self Destruction Mode to delete the complete vault after X failed login attempts. This makes the app more secure even if you loose your device and somebody tries to login.

Automatic logout

When you login into your vault you can read (and change) all containing credentials. If you are done you should lock the app or logout from your vault. That ensures that subsequent (unauthorized) usage of the app requires to login again. Also after x minutes of inactivity the app locks itself to prevent unauthorized access.

Download the app

Frequently asked questions