Keyana
Generate strong, unique passwords for each website from one memorable private phrase. Everything is derived locally in your browser — no account, no sync, no server.
Keyana does not store your private phrase. If you forget the phrase, domain, username, or version, the same password cannot be reproduced. A strong private phrase matters — avoid common passwords, names, birthdays, and short phrases.
-
1
You enter a website domain, optional username, your private phrase, and a version number. Keyana normalizes the domain (lowercase, strips
www.) and combines all inputs into a deterministic derivation context. - 2 Your private phrase is fed through PBKDF2 with SHA-256 and 600,000 iterations, salted with the normalized domain, username, and version. This produces a 256-bit master key unique to each site.
- 3 The master key is expanded using HKDF (HMAC-based Key Derivation Function) to generate enough pseudorandom bytes for password construction.
- 4 Bytes are mapped to your chosen character set using rejection sampling — eliminating modulo bias that would otherwise make some characters more likely than others.
- 5 The result: same domain + username + phrase + version always produces the same strong password. Change any input and you get a completely different one.
Data leaves your device? Never. All derivation happens in your browser using the Web Crypto API. No server, no sync, no storage, no analytics. Keyana does not store your private phrase or generated passwords anywhere.
Use with Vaultana. Keyana is for derivation — it generates passwords from your phrase. For convenience, save generated passwords in Vaultana after creation. Keyana derives; Vaultana stores.