Frequently Asked Questions
Your Stashword is a master password or phrase that only you know. This key is used to unlock your vault. When you want to view, edit or share your passwords you will need to provide this key. It is important to know that your Stashword is never stored in our database. In fact, it never leaves the device into which you type it. This means that if you lose your Stashword, we can’t help you. You will have to start over with your Stashword account.
What is my login password and how is it different from my Stashword?
With other password managers, someone who is able to guess your login info could easily access all your passwords. Remember your Stashword is different from your password so the security of your vault is multiplied right from the get-go without having to do any other setup. At Stashword, your login password can be thought of as how we verify your identity before we even let you near your vault. We use it to confirm your access before we pull your encrypted passwords from our server to your browser or device.
If the Stashword is the key to your safe, the login password can be thought of as the key to the closet in which you keep your safe. It’s easy to understand from a security standpoint why the two keys should be different. We will keep a copy of the first key, and can fetch it for you if needed, but never the second.
In other words, we have multi-factor authentication by design – right from the beginning – and not as an afterthought. This separates us from other password management solutions. Even if someone somehow guesses your login password for Stashword, your vault is still safe because it is locked by a completely separate Stashword.
If you are on a private computer or mobile device, you can choose to remain logged in to Stashword. We will remember your device and keep you logged in. This saves you having to memorize your login password, and make your Stashword the only password you will need to enter to access your vault. Selecting “Keep me logged in.” means you will only need your login password if you are visiting Stashword.com from a new device.
What is third-party authentication?
Third-party authentication is an alternative to a login password. It’s a way of verifying your identity on your device by seeing if you are logged in to another application. For example, if you have authenticated your Stashword account through Facebook and you are logged into Facebook on your computer, we can use this information to automatically log you in to Stashword. We currently support third-party authentication through Facebook, but plan to add support for additional services in the future. Using third-party authentication allows you to skip the Stashword.com login process, but you will still be required to enter your Stashword in order to open your vault.
Users who sign up for Stashword via third party authentication can always create an additional Stashword.com login password to tie to their verified email in the case that they want to close their third party account without losing access to Stashword.
How is my login password saved?
How is my Stashword used to lock my vault?