Passwords people can't live with don't stay secure.
DinoPass is genuinely great. Simple, friendly, and I used it myself for years. TofuPass isn't here because DinoPass is doing it wrong.
But I work in IT. And the pattern I kept seeing wasn't a lack of tools - it was what happened after people got their password. They'd reuse it, simplify it, or tape it to their monitor.
Small friction, big consequences.
The moment a password crosses a friction threshold, people stop working with it and start working around it. The triggers are always the same:
P@ssw0rd123!
- work email
Structure over chaos.
TofuPass focuses on readable patterns instead of maximum randomness. Two familiar words, a common symbol, a short number. You get passwords like:
Not unbreakable - but genuinely usable. And under the hood, everything still generates in your browser using cryptographic randomness. No accounts, no analytics, nothing leaves your device.
Not a replacement. A bridge.
If you're using a password manager with long random strings for everything - great. That's ideal. TofuPass exists for the rest of the time: when you need something strong enough for real use, simple enough to remember, and private enough that you don't have to trust anyone.
