This is a really secure approach to passwords. The only potential stumbling block for non-technical users will be trusting that the passwords aren't stored by the app - telling them is fine, but it's also a trust issue that may take time. Also, I love the promo video!
@jblok2 We hope the secret code, as something you can create/change in your mind, communicates that we truly aren't interested in users' passwords. Agree that time will probably help as well.
And so glad you like the video! More than once we asked ourselves, "people will like this, right? Not think it's weird?" Thanks for a little validation.
This looks great! Finally a password cipher manager instead of a much more risky password manager. I've been using a technique like this for all of my passwords for years. The only thing I'll say, though, is since using this technique it's way easier to memorize your password, I don't know how often I would need to use this app. But it really seems awesome.
@mazlix Thanks, Justin! You hit on what we hope for all of our users: that they become so familiar with their recipes, that they no longer need to reference the app, and can recall their passwords from anywhere.
So our biggest role is in helping people come up with a great recipe. We show users how it's performing against a variety of site names, as it's being written, as well as which common password requirements are being fulfilled.
And occasionally, you'll find a reason to replace a recipe, or write a new one altogether. So we want to make that fun and easy, and provide a means to store multiple recipes.
This is a really cool concept, congrats on a wonderful design and compelling video!
Putting my skeptical hat on for a moment though, there seems to be a bit of a problem with the system (unless I'm missing something): what happens when you need to change a password? Maybe one was leaked in a breach, maybe your work has a policy that passwords need replacing every so often, maybe you're worried about your ex hijacking your Netflix account, etc.
By definition, each recipe will provide only one password for each site, so what's the expected procedure when you have to replace your password for that site—is it to create a new recipe? Or a new secret key element? If so, doesn't that quickly get unwieldy as you add more password changes? Suddenly you don't have a single easy-to-remember recipe across all your accounts, you have several and have to remember which one is in use for each site, for which you need to check the app...at which point, you're back to the experience of using a password manager.
I also wonder what the risks are if one of your passwords is compromised. After all, if all your passwords are recipe based and someone reverse engineers the recipe, they need only one of your passwords to effectively gain access to everything (even if it takes a while to crack the secret key bit). Super unlikely, I realize, but I'm comparing this to a password manager where at least every generated password is entirely unique, so one being compromised isn't deadly.
I'm sure you guys have thought of these things, I just wanted to find out how you're accounting for them as I'd really like to introduce some of my more security-vulnerable friends and family to Password Chef (seems like they might prefer it to a standard password manager). :)
@mostlymarius Needing to create a new password is my biggest issue with these "recipe/formula" password creators. They're great until you have to change one or two passwords. Then you have multiple recipes, and you have to remember which one works for which passwords, which essentially defeats the purpose of the "easy-to-remember" system.
@mostlymarius Thank you so much for the kind words, Marius.
And great questions. We've given those concerns a lot of thought. Here's how we tackled them:
1. Notes. At some point, you may encounter a site that doesn't accept the password your recipe produces. So we offered a "notes" field to jot down the adaptation you may need to make (e.g. "For bank, limit to 10 characters"). We imagined you could write a similar note in the event a single password needed to be changed (in the event of a breach).
2. "Enter Characters." This is an option in the word pool that lets you add an explicit character/phrase into your passwords. Perhaps you want to start every password off with "$5" so you wrote "Enter '$5'" as your first step. However, we also saw an opportunity for people to use it as a variable. So instead of "$5," you might use "birth year." This allows you to further protect your recipe with steps only you'll know how to execute. But this variable idea is also useful for those office workers who have to change their password periodically, so that using a variable like "month" or "quarter" would allow them to avoid writing a whole new recipe.
3. Multiple Recipes. I use several. The recipe that includes my email account, for example, is significantly more secure than the recipe I use for Pandora, Netflix, etc. So there's no connection between my most and least secure accounts. Even with a single recipe, as you noted, you're at very limited risk. Someone would need to recognize your password as recipe-based, and potentially make a few guesses on how it was engineered. If you use a secret code, that could be especially difficult. And as our library of word pool options grows, the difficulty is increased even further.
Lastly, I'll say this. It sounds like bull, but it's true. Coming up with a good recipe is satisfying, and the more you use the app, the more "tricks" you'll discover–ways to recall passwords faster, or type them more quickly, while maintaining good strength. Whenever I stumble upon one, I actually look forward to any poor excuse to write a new recipe and update every single password (in that category) so I can put my new trick to use.
@timwinfree Thanks so much for the thoughtful response, Tim! I'm glad and entirely unsurprised that you guys have given these things some serious thought.
I'm looking at this from the perspective of someone who might be trying to introduce a non-techie to password management in general, so I'm weighing the demands of the recipe system against the demands of a password manager. The satisfaction you mentioned (and the general value of a metaphor as accessible as a cooking recipe) is very valuable during the onboarding phase, but I have to weigh that against the ongoing demands of the system.
In my head I'm comparing to 1Password, my current solution. In essence, Password Chef asks its users to memorize a different kind of information than 1Password does—an algorithm instead of a master password. The advantage is that the algorithm IS the password—for everything—so you theoretically don't need the app. But I think the problem I'm having is that the "Mental Effort" portion of your chart is super important. The difference between minimal mental effort and a little is actually a huge divide. Besides security, the whole purpose of password management is convenience.
Consider a practical example: logging into an account on your computer...
Option 1:
With no password manager, Steve McUserton pulls out his password notebook (this is a real thing I encourage family members to stop doing), flips through to the relevant letter, and painstakingly copies out each character. This generally happens twice because Steve's handwriting isn't great so he'll have to take another swing at some characters.
Option 2:
With Password Chef, Steve has repurposed his password notebook as bedding for his parakeet, and instead appeals to his memory to retrieve his password recipe...he remembers most of it, pops out his phone to check, then dutifully computes the password and logs in successfully. Or he remembers it correctly and doesn't need his phone at all. Either way, much quicker than his old method.
Option 3:
Steve tries out 1Password. Instead of an algorithm, Steve memorizes a song lyric that he loves. In fact, he's had it memorized since high school when his first kiss happened to that song, but he remembers which letters he capitalized and which he replaced with numbers to make a more secure master password. Once unlocked, 1Password logs in for him. If it was already unlocked, he could have just pressed Ctrl/Cmd + \ and not had to think about passwords at all.
The crucial difference that worries me is that Password Chef asks for two things, not one: you must remember a recipe, and then use it to compute your password for any given login. For 1Password, you're only asked to remember a password. A long one, to be sure, but...it's one simple task and you don't have to manipulate the information you remembered, just type it in. You see my concern.
And that's without even delving into the entirely new dimension of convenience afforded by TouchID in conjunction with 1Password's extension when you're on your phone.
I guess my struggle is that while Password Chef is easier to grasp and get started with, it has some fundamental limitations to its convenience level, which could be a deal-breaker when considering day-to-day usage and long-term scalability for people. To be clear, I see this as a problem with the recipe system in general, it's not a problem with Password Chef specifically—I think it's obvious that yours is the finest implementation of this idea that I've encountered.
None of this is meant negatively, by the way; I'm convinced that there are use cases for which the recipe system is undoubtedly better than a standard password manager (with or without a centrally stored database), but this is the kind of thinking that was going on in my head as I considered introducing family, friends, clients, etc. to the app.
I love this! Kind of like master password but possible to remember without opening the app! I wonder, though, why did you not just build a simple web app and wrap it for full Android, web and Apple usage. It's not like there is any crazy computation going on here and you don't need to link to anything on the device's hardware.
@gonzocode Awesome! Thanks, Neil. It did actually start as a simple web app, but we ultimately decided letting this live offline made it more secure. No cloud database for us or the user to worry about. We're working on an Android version, but started with iOS largely because that's what we use personally.
Really cool! I already use this kind of recipe system for my passwords, but I can't make it too complex because it would take me too much time to remember the rules and apply them. I would love to use this! Just waiting for the Android version, as usual.. eheh
Thanks for sharing Password Chef, Eric. We’re honored!
Hello Product Hunt. I’m Rob, one of the makers of Password Chef.
Password Chef helps you design a personal algorithm (we call them “recipes”) which generates unique, complex passwords for all your accounts, and enables you to recall them from anywhere. We want to free people from their sticky notes and traditional password managers, and make them self-reliant with their passwords.
I’ll be on here all day with my fellow maker, Tim. We’d be happy to answer any questions!