What is NOWPASS?

NOWPASS is an Open Source password manager. It's divided into multiple projects, from the REST Api server, over the browser extensions to the desktop and command line clients

How do I use NOWPASS?

There are multiple ways to use NOWPASS:

  • With nowpass.org as backend API server

    You can just register on this website and than use https://nowpass.org as API server. Just download the Chromium / Google Chrome extension (also works in Vivaldi and Opera) and the other NOWPASS applications you want to use (like the Desktop application or the Python command line client)

  • With your own backend API server

    Set up your own NOWPASS server locally or on a server. Check out the GitHub repository for more information.

Is NOWPASS secure?

Clear text passwords are never transmitted to the API server (or anywhere else) or stored anywhere. NOWPASS is using AES-CBC-256 encryption to protect your passwords, secure notes etc..

Why is the passphrase not tested?

If you enter a wrong passphrase you don't get a warning, the clear text is just going to be garbage. This is because NOWPASS encrypts every item separately. So you could even use different pass phrases for different elements.

What technology is used for NOWPASS?

NOWPASS includes only trusted, reliable tools that the developers feel comfortable using on our own projects.

  • Sails.js - Backend API and this website
  • Vue.js - Front-end framework on this website and in the extension.
  • Axios - AJAX / xhr requests to the API server.
  • Bootstrap 4 - Front-end component library
  • Font Awesome - Icons
  • parasails.js - Thin layer of bundled conventions for using Vue.js with Sails.js
  • Python 3 - For the command line client
  • cloud.js - Dynamically-generated SDK for handling requests from the front-end to the actions in your Sails app. (More info on usage below.)

How do I verify my user's email addresses?

By default, email verification is neither required for signup, nor for when an existing user changes their email address from their account page.

How do I finish setting up Mailgun?

To use Mailgun, you'll need to sign up for an account. (While this is a paid service at higher usage levels, you should be able to use Mailgun as much as you need to in development without having to provide any credit card information.)

After you've created an account, you'll need to add your Mailgun domain and API secret to your custom config. (In development, this will be either in config/custom.js, or in a local.js file you add to your config/ folder. For your staging or production deployment, you'll want to set these using system environment variables -- aka "config variables" in Heroku.)

If you already own a domain for your app, you can follow Mailgun's instructions for configuring a sending domain.

Otherwise, to send emails from this app without configuring a sending domain, you can use the sandbox domain & test API secret that comes with your Mailgun account. Just be sure to configure the authorized recipents for your sandbox domain first, or there will be errors from the endpoints that attempt to send emails.

Where can I go for more help?

If you run into trouble, you can often find the answer in the Sails.js documentation. Make sure you also check GitHub