Can GitHub be hacked?
Any online service can have security problems. GoblinPass uses GitHub for public source visibility and hosting, not as a place to store your generated passwords. You can inspect the code and run your own copy if you prefer.
FAQ
Short answers for people deciding whether GoblinPass fits how they want to manage passwords.
Any online service can have security problems. GoblinPass uses GitHub for public source visibility and hosting, not as a place to store your generated passwords. You can inspect the code and run your own copy if you prefer.
GoblinPass cannot recreate the same generated passwords without the same master password. Choose something strong, private, and memorable.
No. GoblinPass is not a recovery service. It regenerates passwords from matching inputs, so forgotten or changed inputs can produce a different password.
No. Google Security Factor is optional. If enabled, the same Google account is needed to regenerate matching passwords.
If Trusted Device Protection was enabled and the Trusted Device Key is lost without a recovery key, passwords generated with that device key cannot be recreated.
No. GoblinPass is designed to run locally in the browser. The optional vault stores local metadata on your device, not full generated passwords on GoblinPass servers.