FAQ

Common GoblinPass questions

Short answers for people deciding whether GoblinPass fits how they want to manage passwords.

Can GitHub be hacked?

Any online service can have security problems. GoblinPass uses GitHub for public source visibility and hosting, not as a place to store your generated passwords. You can inspect the code and run your own copy if you prefer.

What happens if I forget my master password?

GoblinPass cannot recreate the same generated passwords without the same master password. Choose something strong, private, and memorable.

Can GoblinPass recover passwords?

No. GoblinPass is not a recovery service. It regenerates passwords from matching inputs, so forgotten or changed inputs can produce a different password.

Is Google required?

No. Google Security Factor is optional. If enabled, the same Google account is needed to regenerate matching passwords.

What if I lose my Trusted Device recovery key?

If Trusted Device Protection was enabled and the Trusted Device Key is lost without a recovery key, passwords generated with that device key cannot be recreated.

Does GoblinPass store passwords online?

No. GoblinPass is designed to run locally in the browser. The optional vault stores local metadata on your device, not full generated passwords on GoblinPass servers.