CarryPass User Manual

1. Introduction

CarryPass is a privacy-first, deterministic password and credential manager designed for offline use. It does not store your passwords — instead, it regenerates them securely on demand based on inputs you control.

2. Getting Started

CarryPass is a Progressive Web App (PWA), which means you can install it like a native app — no tracking, no account, and full offline support.

Install on Desktop

Open CarryPass in a compatible browser such as Chrome or Edge Look for the install icon in the address bar, then click it to install.

Optionally, pin it to your taskbar. You can now launch it like a regular app — even offline.

Install on Mobile

In Chrome Safari or Firefox open the CarryPass website and tap the Share icon (a square with an upward arrow).

Then tap “Add to Home Screen” and confirm with “Add” CarryPass now behaves like a native app — offline and just a tap away.

No account required: You are never tracked.
No cloud storage: All data stays on your device.
Fully offline: Works without internet after install.
Browser support: Chrome, Edge, Firefox, Safari.

3. Password Generator

CarryPass uses a deterministic password generator. This means the same inputs will always produce the same secure password — without ever saving it. No syncing, no cloud, no leaks.

How It Works

Service Name: Like "facebook.com" or "My Bank"
Master Password: Known only to you, never stored (same for all services, so you only have to remember one strong password)
Length & Character set: Choose how long the generated password to be and what types of characters (letters, numbers, symbols) should it have
Password Security: An advanced option to generate different outputs per service or version.

How It’s Secured

Argon2id: Adds memory-hard security to slow down attackers
PBKDF2: Further derives a strong key from your inputs
AES-CTR: Stream cipher ensures deterministic, secure password output
Offline-only: Everything happens in your browser — no data is sent or stored

First Time? Here's What to Do:

Pick a master password that only you know and can remember
Enter the name of the service you need a password for (e.g. "twitter.com")
Choose your character types and length (defaults are strong)
Tap Get Password — your secure password will appear
You can return anytime and regenerate it with the same inputs

Tip: You can also save your password generation settings (not the password!) for easier reuse — encrypted in your local storage.

4. Optional: Encrypted Local Storage

You may choose to store your password settings (not the password itself) in encrypted localStorage for convenience.

This feature remembers your preferred settings per service.
The data is encrypted locally using your passcode.
You can delete this data at any time from within the app.
You can optionally export the encrypted settings and import them if you change the device.

5. Team Configs & Admin Options

CarryPass allows an admin to securely distribute credentials to team members using encrypted vaults and QR onboarding.

Admins encrypt credentials per team or user.
Each user unlocks their vault using their member ID and their member password + optional TOTP code.
Vaults can expire and are validated with a checksum.
Admin never sees passwords after onboarding.

6. Security Tips

Use a strong master password (minimum 12 characters).
Do not reuse short or ambiguous service names.
Regenerate your password on any device with the same inputs.
Clear local storage if switching or handing over your device.

7. Frequently Asked Questions

What if I forget my master password?

There’s no way to recover your password. CarryPass never stores it. But if you remember the same inputs (service name + master password), it will regenerate the same password every time.

Are any passwords saved?

No. Your passwords are calculated, not stored. Only your settings can be optionally encrypted and saved locally — nothing else.

Can I move CarryPass to another device?

Yes. Since CarryPass doesn’t store your credentials, you can simply reinstall it on a new device. Use the same inputs to get the same results.

Is CarryPass secure even without internet?

Yes. It is designed to be offline-first. All cryptographic operations run in your browser using standard AES, PBKDF2 and Argon2id.