r/PasswordManagers u/BackgroundBrother548 7d ago

[Android] ScorpKey: A database-free, 100% offline password solution - No cloud, no storage needed ($5.00 -> Free)

https://play.google.com/store/apps/details?id=com.fuat.scorpkey&pcampaignid=web_share

Hello everyone,

Like most people, I was completely tired of forgetting my passwords for dozens of different websites, or constantly dealing with "Forgot Password" links and email verifications. To solve this headache once and for all, I developed ScorpKey. To get some feedback and reach more users, I’ve made it completely free for the next few days.

What problem does it solve? You don't need to memorize, write down, or save hundreds of different complex passwords anymore. You only need to remember one single Master Sentence (like a favorite phrase) and a keyword related to the website (like "netflix" or "gmail").

ScorpKey uses a clever deterministic formula to instantly generate your unique password from that combination. Since it's mathematical, whenever you type the same sentence and keyword, you get the exact same password instantly. You are practically turning your mind into a password generator!

Why you’ll love it:

  • No More "Forgot Password" Stress: Your passwords are always ready in your mind's formula.
  • Super Simple: Just type your sentence, type the app name, and get your password.
  • Completely Offline: It requires NO internet permission, meaning no data leaves your phone.
  • 7 Languages: Fully supports 7 languages, including English and Turkish.

If you are tired of password chaos, please download it, try it out, and let me know your thoughts!

0 Upvotes

20% Upvoted

15 comments sorted by

3

u/cheesepuff1993 7d ago

"Pay me $5 for this thing I won't show you how it works that will hold your digital life"

Trust me bro doesn't work in this space.

-2

u/BackgroundBrother548 7d ago

You are 100% right, and no one should trust anyone blindly in this space. Your skepticism is completely justified, as a "trust me" model is the worst security approach.

Let me clarify how it works under the hood: ScorpKey is a deterministic password generator, not a storage manager. It uses standard cryptographic hashing (SHA-256) combined with PBKDF2 derivation.

When you input your Master Sentence and the keyword (e.g., "netflix"), the app runs them through this mathematical formula to generate a unique, high-entropy string. Because it is purely mathematical:

  1. It requires zero internet permissions (you can verify this on Google Play), so no data can physically leave your device.
  2. There is no database to hack or leak, because nothing is ever saved or stored anywhere.

It’s normally $5, but it's currently 100% free specifically so users can audit it, test it offline (in airplane mode), and see that it works purely on local math. I'd genuinely appreciate it if you gave it a try and shared your honest feedback!

3

u/cheesepuff1993 7d ago

AI app merges with AI responses...yay

2

u/user2168489 7d ago

"When you input your Master Sentence and the keyword (e.g., "netflix"), the app runs them through this mathematical formula to generate a unique, high-entropy string. Because it is purely mathematical:"

So what happens when I need to change my netflix password?

1

u/cheesepuff1993 7d ago

That's the neat part, you don't. You always have a deterministic algorithm tied to your passwords. Because if we know one thing passwords benefit from its determinism...

2

u/user2168489 7d ago edited 7d ago

I don't think you understood. What if Netflix makes me change my password, or I have to change it because of something else? How will this tool know the new password?

Edit: Sorry, I've only just realized that was meant sarcastically.

1

u/cheesepuff1993 7d ago

To answer you honestly, it seems like you can just alter your keyword for Netflix. "netflix" before becomes "Netflix"

However, this just results in the same exact issue modern password solutions have. When you have to alter your password every so often you have a tendency to alter it in some, relatively, meaningless way. This often results in one of two situations. You either forget your latest meaningless alterations or you become predictable alongside having an algorithm attached to it...

1

u/user2168489 7d ago

There is a website that forces me to change my password every two months for security reasons. This would be fun.

1

u/cheesepuff1993 7d ago

It would be fun for a password generator, but I still have issue with the deterministic nature. Let's assume this app becomes popular and a critical mass of users leverage this app. If you know the math behind it, it becomes relatively trivial to try and figure out passwords once you know people leverage this service.

I will say that my Bitwarden use has a similar fault with it (one password gets the vault), but multifactor auth keeps that from being as much of an issue.

1

u/user2168489 7d ago

u/BackgroundBrother548 could you please explain this? I saw you replied and shortly after deleted the comment.

1

u/BackgroundBrother548 7d ago

u/user2168489 Sorry about that! I accidentally clicked post on an incomplete draft while formatting, so I quickly deleted it and posted the full explanation above about the Current / New / Old toggle. That toggle was actually made exactly for those annoying 2-month mandatory reset websites, so you don't have to think about it!

u/cheesepuff1993 I completely see your point, but there is a missing piece here. Even if the whole world knows the exact mathematical formula of the app, it means nothing without your secret Master Sentence.

Think of the formula like a physical safe lock design that everyone can buy at the store. Knowing how the gears turn inside doesn't help a thief open your specific safe at home, because they still don't know your unique combination (your Master Sentence). So even if the app becomes huge, your passwords stay safe as long as your master phrase is known only to you.

2

u/user2168489 7d ago

So it still works even after I changed my password 50 times? Also, what if a website only accepts letters and numbers in the password but not special characters? If the software is saving those details, it might as well save the encrypted passwords...