Security Last Updated: November 2025

Security & Compliance

StoryPass uses cryptographically secure random number generation and aligns with NIST guidelines for password security.

CSPRNG Verified

Uses Node.js crypto.randomInt() for unbiased random selection

No Storage

Passwords generated client-side, never transmitted or stored

36.91 Bits Entropy

Working toward 64-bit NIST compliance via corpus expansion

No Bias

All scoring/weighting removed; uniform distribution verified

Current Status

Characters 5,085 12.31 bits
Actions 5,009 12.29 bits
Places 5,059 12.30 bits
Combined 36.91 bits entropy

How Password Generation Works

1

Count Query

Get total count of available items (with filters applied)

2

Random Index

Generate crypto.randomInt(0, count) for unbiased selection

3

Fetch Item

Use database OFFSET to select item at random index

4

Assemble Locally

Password is combined in your browser - we never see it

Why Trust StoryPass?

Zero Knowledge

We literally cannot see your passwords. They're assembled in your browser.

Bank-Grade RNG

Same cryptographic randomness used by financial institutions.

Open Methodology

Our security practices are documented and auditable.

Measured Entropy

We show you exactly how much randomness is in your password.

References

Ready to Try Secure, Memorable Passwords?

Generate your first StoryPass password in seconds. No signup required.

Generate Now View Pricing