LessPass style
Site
+
Login
+
Master Password
=
Password
Stateless comparison
LessPass helped popularise stateless password generation. GoblinPass keeps that repeatable-password idea, then adds optional local and hardware-backed layers for people who want more control.
Requires an extra secret phrase.
Password is tied to a trusted local device.
Password is copied directly, not shown.
Google account sign-in adds an extra factor.
Requires a physical YubiKey with PRF support.
Feature comparison
The difference is not that one idea is magic and the other is unsafe. The difference is that GoblinPass gives users optional layers beyond the usual site, login, and master password recipe.
| Feature | LessPass | GoblinPass |
|---|---|---|
| Stateless password generation | Protected | Protected |
| No cloud password vault required | Protected | Protected |
| Additional secret input | Not usually included | |
| Trusted local device factor | Not usually included | |
| Copy-only generated password output | Varies | |
| Google account factor | Not included | |
| YubiKey PRF as a password ingredient | Not included | |
| Advanced-user control | Partial Protection |