Common questions
Quick answers about trust, day-to-day use, authenticators, backups, pricing, and how to reach us.
How does My Password Vault protect my data?
Your entries are encrypted on your device before anything is synced, so the servers store ciphertext rather than readable passwords, and your master password is not sent to us. Google sign-in is used only to tie the encrypted vault to your account. No software can promise perfect security, so a strong master password and good device hygiene remain important on your side.
How do I use it? Will it feel simple day to day?
Sign in with Google, choose a strong master password, scan one QR code for two-factor authentication, then unlock to add or search entries. Auto-lock keeps the vault closed when you step away; sync picks up changes when you sign in on another browser or phone.
What is an authenticator app, what does it do, and which one should I use?
An authenticator app is an app on your phone or computer that generates short-lived numeric codes—usually six digits—for two-factor authentication. After set-up it shares a secret with your vault via the QR scan; unlocking requires your master password plus a fresh code so a stolen password alone isn’t enough. Use any reputable time-based OTP (TOTP) app compatible with Authenticator/Google-style setups, such as Google Authenticator, Microsoft Authenticator, Authy, FreeOTP, 1Password’s OTP field, Bitwarden, or compatible built-in Authenticator modes—pick one from a publisher you trust and keep it updated.
What if my authenticator app breaks, I lose my phone, or codes stop working?
Your encrypted vault remains in your account. On a new or reset device: sign in, download the latest vault from Devices & backup, enter your master password, then follow the prompts to scan a new QR code and link a replacement authenticator. After you confirm, old time-based codes stop working—that is expected—but your encrypted data was not erased. If you still have access to your previous authenticator, you can often unlock normally without resetting it.
How do I sync the iOS app with my web vault?
Cloud sync is tied to your sign-in account, not your device. On iOS, if you use Sign in with Apple and want the same vault as on the web, you must choose Share My Email when Apple asks—not Hide My Email. Hide My Email creates a private relay address and a separate account that will not match a web vault signed in with Google or your normal email. Easiest if you already use the web: tap Continue with Google on iOS with the same email. If you prefer Apple on iOS, pick Share My Email so your real address matches your web login. Already chose Hide My Email? Turn off My Password Vault under Settings → Apple ID → iCloud → Hide My Email (or at appleid.apple.com → Apps Using Apple ID), sign out in the app, and sign in again.
Is this free or paid?
The service is free to use for now. If that ever changes, we will announce pricing clearly beforehand.
What if I forget my master password?
Nobody (including us) can recover your passwords without your master password. If you lose it you must reset the vault and lose existing entries on that device. Cloud restore and encrypted backup files always require the same master password used when those backups were made.
Can I keep an offline backup?
Yes. After you unlock, open Settings → Offline JSON file (advanced) to download an encrypted export. Store it somewhere safe; you will still need the master password from the time of export to open it.
Who do I contact if something goes wrong?
Email contact@skyface.com for questions, bug reports, or feedback—we read incoming mail.