# LessPass — Stateless Open Source Password Manager

> Deterministic password manager that computes passwords on the fly from a master password without storing anything.

## Quick Use

```bash
# Self-host the web app ("changeme" is a placeholder; set a real admin password)
docker run -d -p 8000:8000 -e LESSPASS_ADMIN_PASSWORD=changeme lesspass/lesspass:latest

# Or use the CLI
# Note: a master password given as an argument ends up in shell history and the process list
pip install lesspass
lesspass example.com user@email.com masterpass
```

## Introduction

LessPass is a stateless password manager that generates unique, strong passwords deterministically from a master password, a site name, and a username. Unlike traditional password vaults, LessPass does not store encrypted passwords anywhere. The same inputs always produce the same output, so your passwords are available on any device without syncing.

## What LessPass Does

- Generates unique passwords from master password, site, and login inputs
- Produces consistent results across all devices without any stored data
- Offers customizable password rules (length, character types, counter)
- Provides browser extensions for Chrome, Firefox, and Edge
- Includes an optional self-hosted server for saving password profiles

## Architecture Overview

LessPass uses PBKDF2 with 100,000 iterations of SHA-256 to derive passwords deterministically. The core algorithm runs entirely client-side in the browser or CLI. The optional server component is a Django REST API backed by PostgreSQL that stores only password profiles (site, login, options) — never the master password or generated passwords.
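
The derivation described above, as an added sketch in Python (not LessPass's own code, and its output will not match LessPass): PBKDF2-HMAC-SHA256 with the page's 100,000 iterations turns master password, site, login and counter into a password on demand. The salt layout, the `render` rule handling and the 32-character limit are assumptions made for this example.

```python
import hashlib
import string

ITERATIONS = 100_000  # PBKDF2 iteration count stated on the page
MAX_LENGTH = 32       # sketch limit so the 256 derived bits are never exhausted

def derive_entropy(master: str, site: str, login: str, counter: int = 1) -> int:
    """Stretch the master password into a 256-bit integer bound to site/login/counter."""
    # Assumption: this salt layout is chosen for the sketch. The NUL separator keeps
    # ("ab", "c") and ("a", "bc") from producing the same salt.
    salt = "\x00".join((site, login, format(counter, "x"))).encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    return int.from_bytes(key, "big")

def render(entropy: int, length: int = 16, lowercase: bool = True,
           uppercase: bool = True, digits: bool = True, symbols: bool = True) -> str:
    """Turn the derived integer into a password that satisfies the enabled rules."""
    sets = [chars for chars, enabled in (
        (string.ascii_lowercase, lowercase), (string.ascii_uppercase, uppercase),
        (string.digits, digits), (string.punctuation, symbols)) if enabled]
    if not sets or not len(sets) <= length <= MAX_LENGTH:
        raise ValueError("need at least one character set and a length that fits")
    alphabet = "".join(sets)
    out = []
    for _ in range(length - len(sets)):   # body: consume entropy by repeated divmod
        entropy, i = divmod(entropy, len(alphabet))
        out.append(alphabet[i])
    for chars in sets:                    # guarantee one character from each enabled set
        entropy, i = divmod(entropy, len(chars))
        entropy, pos = divmod(entropy, len(out) + 1)
        out.insert(pos, chars[i])
    return "".join(out)

def generate(master: str, site: str, login: str, counter: int = 1, **rules) -> str:
    """Recompute the password for one profile; nothing is read from or written to disk."""
    return render(derive_entropy(master, site, login, counter), **rules)

if __name__ == "__main__":
    # Constructed inputs; the master password is a throwaway sample value.
    args = ("correct horse battery staple", "example.com", "user@email.com")
    print("counter=1:", generate(*args))
    print("counter=1:", generate(*args))             # identical: nothing was stored
    print("counter=2:", generate(*args, counter=2))  # rotated, same master password
    print("digits   :", generate(*args, length=8, lowercase=False,
                                 uppercase=False, symbols=False))
```

Because the profile (site, login, rules, counter) is the only per-site state, it is also the only thing a profile server needs to hold; the master password never leaves the function call.
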
## Self-Hosting & Configuration

- Deploy the server via Docker Compose for profile synchronization
- Configure the admin password and database via environment variables
- Access the web frontend directly from the Docker container
- Install browser extensions and point them to your self-hosted instance
- Profiles are optional; the pure stateless mode needs no server at all

## Key Features

- Zero-knowledge architecture with no stored passwords
- Works offline with no server or sync required
- Deterministic generation ensures the same password on every device
- Adjustable password complexity with length and character set controls
- Counter mechanism for rotating passwords without changing the master password

## Comparison with Similar Tools

- **Bitwarden** — encrypted vault-based; LessPass is stateless with no vault to breach
- **KeePassXC** — local encrypted database; LessPass computes passwords without storage
- **1Password** — cloud-synced vault; LessPass generates passwords on demand
- **Spectre (Master Password)** — similar stateless concept; LessPass offers self-hosted profile sync

## FAQ

**Q: What happens if I forget my master password?**
A: There is no recovery mechanism. LessPass never stores your master password. You must remember it.

**Q: Can I change a generated password for a specific site?**
A: Yes, increment the counter value for that site to generate a new password while keeping the same master password.

**Q: Is the self-hosted server required?**
A: No. The core functionality is fully client-side. The server only stores profile metadata for convenience.

**Q: How secure is the password generation?**
A: LessPass uses PBKDF2 with 100,000 SHA-256 iterations, which makes each guess in a brute-force attack computationally expensive.

## Sources

- https://github.com/lesspass/lesspass
- https://www.lesspass.com

---

Source: https://tokrepo.com/en/workflows/asset-e1542cab
Author: AI Open Source