SimplePass: A Free Password Manager for a Secure Internet

On March 25th, 2025, the wait is over - SimplePass brought back! After being decommissioned on

October 13th, 2023. 

https://simplepass.alightservices.com/

What is SimplePass?

SimplePass is a free, open-source password manager offered as a Progressive Web App (PWA). This means it's accessible on all devices with a modern web browser, and the data is stored locally on your browser! 

What makes SimplePass stand out?

SimplePass is not just any password manager. Here are some features that set it apart:

- Private by design: No data is transferred or stored on servers, and no email addresses are collected.

- Free: SimplePass won't ask for donations. If someone asks for money, they're likely a scammer -report them immediately.

Why are password managers important?

In today's digital age, online security is more crucial than ever. Cyberattacks and identity theft are becoming increasingly common, with malicious actors using advanced technology to hack into accounts and impersonate victims. That's why having access to a reliable password manager like SimplePass is essential.

Stay tuned for video tutorials on how to secure your internet accounts.

Join the fight!  Let's take a stand against hackers who have malicious intent online. 

Here are some past demo’s:

https://www.youtube.com/watch?v=LYs05pHQXCE

https://www.youtube.com/watch?v=_L-30muTugY

https://www.youtube.com/watch?v=m-xjwBryCZo

 

This is the blog post when SimplePass has been decommissioned:

https://blog.alightservices.com/2023/10/migrated-most-of-workloads-from-aws-to.html

Here are some of my recent social media anouncements regarding restoring SimplePass:

https://www.linkedin.com/posts/alight-technology-and-services-limited_alight-technology-and-services-limited-activity-7303051811433693184-FIck

https://m.facebook.com/story.php?story_fbid=pfbid0FMPK5zeUU4bLrdQSmyJGpNYVhQ8JESLkGp8k7QK886hbtw9Xqc1DiveQEEpBfAn8l&id=100071572111527

I thank Microsoft, Microsoft for Startup Founders, Corporate Vision Magazine U.K, NASSCOM 10000 virtual incubation.

Follow on social media to stay updated on the latest developments:

ALight Technologies USA Inc | Facebook

https://www.facebook.com/ALightTechnologyAndServicesLimited

Web Veta | Facebook

WebVeta Saas | LinkedIn

https://www.linkedin.com/company/alight-technologies-usa-inc/

https://www.linkedin.com/company/alight-technology-and-services-limited/

https://twitter.com/ALightTech

https://www.youtube.com/@alighttechnologyandservicesltd

https://blog.alightservices.com/

https://medium.com/@ALlightTechnologyAndServices

ALight Technology And Services Limited eager to explore this new partnership and create even greater value for our customers.

Best regards,

Mr. Kanti Arumilli 

I don’t have any fake aliases, nor any virtual aliases like some of the the psycho spy R&AW traitors of India. NOT associated with the “ass”, “es”, “eka”, “ok”, “okay”, “is”, erra / yerra karan, kamalakar, diwakar, kareem, karan, erra / yerra sowmya, erra / yerra, zinnabathuni, bojja srinivas (was a friend and batchmate 1998 – 2002, not anymore – if he joined Mafia), mukesh golla (was a friend and classmate 1998 – 2002, if he joined Mafia), erra, erra, thota veera, uttam’s, bandhavi’s, bhattaru’s, thota’s, bojja’s, bhattaru’s or Arumilli srinivas or Arumilli uttam(may be they are part of a different Arumilli family – not my Arumilli family).

SimplePass getting restored soon…

SimplePass was a offline password manager PWA. SimplePass was launched on June 11^th 2021, decommissioned on 13th October 2023.

Soon, SimplePass gets restored at https://simplepass.alightservices.com.

There would be few updates once in a while.

Google tracking script gets removed and offers complete privacy. Passwords get stored on your device, passwords can be exported and imported. And expect some minor updates.

There are some narcisst false ego, false prestige psychopests who might try to create alternate stupid propaganda, but they are just shameless perverts using invisible spying cameras and speakers and peeping into bedrooms and bathrooms.

SimplePass was my startup’s first product and offered completely free. I had good intentions, I was busy developing WebVeta and de-commissioned SimplePass during transfer of servers from AWS to Azure. As part of my startup’s Social Responsibility policy - https://www.alightservices.com/social-responsibility/, I am restoring SimplePass.

 

Here are some past demo’s:

https://www.youtube.com/watch?v=LYs05pHQXCE

https://www.youtube.com/watch?v=_L-30muTugY

https://www.youtube.com/watch?v=m-xjwBryCZo

 

This is the blog post when SimplePass has been decommissioned:

https://blog.alightservices.com/2023/10/migrated-most-of-workloads-from-aws-to.html

Here are some of my recent social media anouncements regarding restoring SimplePass:

https://www.linkedin.com/posts/alight-technology-and-services-limited_alight-technology-and-services-limited-activity-7303051811433693184-FIck

https://m.facebook.com/story.php?story_fbid=pfbid0FMPK5zeUU4bLrdQSmyJGpNYVhQ8JESLkGp8k7QK886hbtw9Xqc1DiveQEEpBfAn8l&id=100071572111527

I thank Microsoft, Microsoft for Startup Founders, Corporate Vision Magazine U.K, NASSCOM 10000 virtual incubation.

Follow on social media to stay updated on the latest developments:

ALight Technologies USA Inc | Facebook

https://www.facebook.com/ALightTechnologyAndServicesLimited

Web Veta | Facebook

WebVeta Saas | LinkedIn

https://www.linkedin.com/company/alight-technologies-usa-inc/

https://www.linkedin.com/company/alight-technology-and-services-limited/

https://twitter.com/ALightTech

https://www.youtube.com/@alighttechnologyandservicesltd

https://blog.alightservices.com/

https://medium.com/@ALlightTechnologyAndServices

ALight Technology And Services Limited eager to explore this new partnership and create even greater value for our customers.

Best regards,

Mr. Kanti Arumilli 

I don’t have any fake aliases, nor any virtual aliases like some of the the psycho spy R&AW traitors of India. NOT associated with the “ass”, “es”, “eka”, “ok”, “okay”, “is”, erra / yerra karan, kamalakar, diwakar, kareem, karan, erra / yerra sowmya, erra / yerra, zinnabathuni, bojja srinivas (was a friend and batchmate 1998 – 2002, not anymore – if he joined Mafia), mukesh golla (was a friend and classmate 1998 – 2002, if he joined Mafia), erra, erra, thota veera, uttam’s, bandhavi’s, bhattaru’s, thota’s, bojja’s, bhattaru’s or Arumilli srinivas or Arumilli uttam(may be they are part of a different Arumilli family – not my Arumilli family).

Clearing some mis-conceptions about SimplePass

Clearing some mis-conceptions about SimplePass

1) SimplePass can be bruteforced.

Answer: Yes

Every offline application can be brute-forced like Word/Excel documents or zip files.

2) SimplePass is sloooow!

Answer: Yes, but for a good reason!

        If the current industry-standard SHA-256 algorithm was used and if you had a 6 digit number as SimplePass password, on my laptop, the password database can be brute-forced in 6 seconds on average. 

        But SimplePass uses a way more complex algorithm compared to SHA-256. In the above scenario of 6 digit number being brute-forced, it takes anywhere from 1 - 11 days on average (depending on various factors). The algorithm is complex. The complexity of the algorithm varies depending upon the speed of your machine. The benchmarking happens when you use SimplePass for the first time. The benchmarking result determines the complexity of the algorithm. So, the strength of the algorithm might not be the same for every machine. The strength of the algorithm adapts to the speed of your machine determined when benchmarking for the first time.

        SimplePass is slightly slow for a reason. I am a developer, I had to make a decision between a fast but easily cracked security mechanism vs a little slower (1 - 2 seconds response time, not too bad) but harder to crack security mechanism. I believe that applications should be secure by default. So, I opted for the complex algorithm at the expense of a slightly seemingly slower application.   

3) Why aren't there recent updates for SimplePass? What happened to the roadmap?

       Due to certain reasons, I had to pivot to some other projects. SimplePass is not dead, all the features mentioned in the roadmap would be implemented. Due to certain reasons that I can't mention here, I had to prioritize some other projects. This decision was made sometime during the end of the first week of August. But ALight Technology And Services Limited would always stay committed to building products for the use of every netizen and some if not all of the products would always remain free and complete privacy-focused. For example, SimplePass does not even ask for your email address, no email campaigns/mailing lists. You can use SimplePass without even giving your email. If server-based features are added, things might get slightly different but still user privacy and security would be prioritized.

Clearing some mis-conceptions about SimplePass

A Simple Pitch at Global Network UK Launch Event

A Simple Pitch at Global Network UK Launch Event

   On September 15th, I had the opportunity to make a pitch in front of 50 - 100 people. Thank you, Duccio, for organizing such a nice event. This is the first time, I have ever made a speech in front of an audience. This is not exactly the pitch I planned when I signed up for the event. I planned to talk about my second product "VoiScriber" and expected to do a pre-release before September 15th, but that didn't happen. For now "VoiScriber" is an umbrella of related products. The first product under the "VoiScriber" umbrella is still under development. So, I ended up talking about my company "ALight Technology And Services Limited" and my companies first product "SimplePass". It was a lovely evening yesterday. Met people from various industries "real estate", "wealth management", "business consulting", "legal solicitors", "financial services" etc... It's great to meet other business owners, startup founders etc... over drinks.

ALight Technology And Services Limited offers I.T Consulting and development services. My focus and strengths are particularly Web Development, Process Improvement, Cost Optimization, AWS Cloud Development, and Azure Development. Although I offer custom and cross-platform mobile development services, I don't want to spend my time and energy on mobile application development. But, I can offer I.T Architectural service and help outsource/guide mobile development.

SimplePass is the first ubiquitously accessible, privacy-focused free password manager. The first of its kind, although very simple. Does not even collect email addresses, your data, your passwords reside on your computing devices. There are a lot of planned enhancements, that would be rolled out slowly. The product's version history and roadmap can be found here. There might be or might not be commercial versions. Because, once I offer server-based storage and charge a subscription fee, SimplePass would end up being another "me too" password manager. Unless and until I figure out a unique value proposition, there won't be a commercial version. SimplePass is absolutely free for personal and commercial purposes, and absolutely NO donations are accepted. SimplePass is being offered in good faith, and having access to a free password manager should be a right of every netizen.

A Simple Pitch at Global Network UK Launch Event

Pitch for an upcoming business networking meet

Pitch for an upcoming business networking meet

I am planning to attend some business networking events in the next few months. Here is a video and the accompanying PowerPoint presentation.

Powerpoint Presentation

Youtube Video

Pitch for an upcoming business networking meet

How to secure Microsoft Account

How to secure Microsoft Account

With the Microsoft OneDrive integration feature coming soon in SimplePass. I wanted to make a blog post on how to secure your Microsoft account. Of course, once the integration is completed, there will be some additional tips on how to use OneDrive integration securely.

For those of you who haven't heard of Microsoft OneDrive, Microsoft OneDrive is a file hosting service from Microsoft. There is a web interface, Windows application, Android, iOS apps. The free version allows storing up to 5 GB. With Office 365, 1TB. For our purposes, we just need a few kb. This free service from Microsoft can be used for passwords synchronization across different devices.

The risk is that, if your Microsoft account gets hacked, your other Microsoft services such as email, files on OneDrive can get hacked. So, to minimize that risk, this blog post discusses how to secure your Microsoft account.

Microsoft along with a lot of other companies allow the use of MFA (Multi-Factor Authentication). There is even a page displaying recent activity, that shows recent login activity.

Navigate to https://account.microsoft.com/security?refd=account.microsoft.com, and login into your account.

Here you can see "Sign-in activity", clicking on that displays all recent login activity.

Click on Advanced Security, here turn on two-step verification. You can add an additional email or mobile number or Authenticator code or hardware key. My most preferred option is a hardware key like Yubico's Yubikey. But the drawback is that the hardware key costs money. I used to like Authenticator, but I recently saw a drawback in Microsoft's approach, and out of scope of current blog post. For now, I would say, if possible avoid the Authenticator option, for now. 

For example, if you add a different email, you need to secure that account. If you add mobile, be careful, that if you would lose access to your Microsoft account if you lose your mobile. A few months ago, I personally lost my mobile and it became a nightmare. Now, I have access to all my accounts. 

If you see any suspicious activity, scroll down and click "Sign me out" everywhere. Change your password. Periodically review your "Sign-in activity".

If you secured your Microsoft account, you can start using Microsoft OneDrive even today. Export passwords, upload to OneDrive. On the other device, log in into OneDrive, download, import. Then delete the file from your devices, recycle bin, and OneDrive, OneDrive's recycle bin. But if you exported passwords for the purpose of backup, you don't have to delete the file, but safeguard the file.

Stay safe from the prying online hacker's eyes.

How to secure Microsoft Account

Synching passwords across devices with SimplePass

 Synching passwords across devices with SimplePass

           If you use Microsoft OneDrive or Google Drive or DropBox, you can upload the exported file from your mobile or PC and import it on other devices. There will be a demo video showing how to do this soon. However, remember that you need to secure your Microsoft / Google / DropBox account. I can provide some blog posts and provide demo videos on how to secure your Microsoft / Google / DropBox accounts. As of now, it could seem a bit awkward to manually upload the exported file and manually importing the backed-up file. The next release would include the feature to allow directly importing and exporting to Microsoft OneDrive or Google Drive or DropBox. More demo videos once that feature is developed and released. But remember that you still need to secure your Microsoft / Google / DropBox accounts.

        If you have any feature requests or suggestions or criticism or compliments, please contact me by filling out this Google Form. Feature Requests would be considered based on feasibility. I am always open to suggestions and constructive criticism. Compliments? Thank you.

Synching passwords across devices with SimplePass

Version 0.3.6 Release Completed!

 Version 0.3.6 Release Completed!

Version 0.3.6 has been released. The application would automatically get updated.

The application can be accessed from here.

Version 0.3.6 Release Completed!

Version 0.3.6 release!

 Version 0.3.6 release!

Version 0.3.6 of SimplePass will be released in the next 24 hours! The new features are:

1) SimplePass now tracks create and update dates of passwords. Password expiration days can be configured in settings. List page has the ability to filter expired and soon to be expiring passwords. As a good password management practice, periodically changing passwords is a best practice.

2) Master password creation and update dates are tracked. Changing master password is also a good practice. Just don't forget, there is no way of recovering if you forget the master password. Although the application requires at least 4 alphanumerics for the master password, the longer the master password the higher security.

3) Whenever a new password is generated or re-generated, password strength is displayed. The higher the number, the better.

4) Some rework on the internal working of the menu system for some future work. This has no visual effect for users.

More features are planned in the roadmap of the free version. The current roadmap can be viewed here. In addition, the following features would be provided as part of the free version.

1) Tracking the backup status of entries, so that you would know if there are entries that haven't been backed up.

2) Google Drive, Microsoft OneDrive, and Dropbox integration for easy backups and imports across devices. But you are responsible for safeguarding these accounts.

3) Remembering parameters used to generate each password, so that the settings are remembered for each entry.

4) Groups - Allowing entries to be arranged as groups such as email, internet, banking, education etc...

5) Optional Recycle Bin type of feature for deleted entries.

6) Additional security layer such as public/private key instead of the master password and/or in addition to the master password.

7) Native apps for Windows Store, Windows Desktop, MacOS, Linux, Android Mobile and Tablets, Kindle Fire, Apple iPhone and iPad.

8) Google Chrome, Firefox and Edge Browser extensions.

9) Notes, Encrypted Notes as part of entries.

10) Select multiple entries and perform various things.

11) Autofill prompt for usernames in entries.

12) Vaults - think of vaults like multiple files. One vault for work purposes, another for home-related. Or one vault in memory mode another vault like the current mode.

13) Ability to import passwords from CSV files. Some 3rd party applications allow exporting passwords into CSV. So, if you are using a third-party application and want to switch to SimplePass, this would be easier.

14) Update Password mode. - When updating passwords on websites, usually we enter the current password, new password twice, and click save. In a similar way, SimplePass would hold the current password and new password. Once the change is successful, Clicking update would remove the old password and replace it with the new password, else, the new password will be discarded. 

Version 0.3.6 release!

Summary Post

Summary Post

SimplePass receives an A+ on SSL Labs. The report can be accessed here.

A video demoing the usage and features of SimplePass can be accessed here.

ALight Technology And Services Limited is now a Microsoft Partner!

Partnership related link: https://www.alightservices.com/partnerships

Here is the link to partner details webpage on Microsoft's website: Microsoft Partner Details

With that, ALight Technology and Services Limited is open for offering consulting and development services.

Remember that the address is a virtual office.

Official LinkedIn, Facebook and Twitter links are:

Facebook

LinkedIn

Twitter

There is a super-advanced technology that is state-sponsored and has invisible drones with some very advanced technology. Such technology does exist, and some of the capabilities are:

1) Spying camera, can see from various angles. So whatever you see/hear can be seen and heard by the state-sponsored spies.

2) Whispering speakers can make sounds, talk, whisper like devil / satan.

3) The most advanced technology - Mind reading capabilities - They can know what you think/visualize.

There might be some more technologies, including some invisible hand type of technology, such as the capability to press keys on an unattended laptop/mobile.

 

In this kind of state-sponsored advanced raw technologies, how can we protect our accounts? How can anyone be protected in a world of targeted hacking?

 

1) Passwords should not be displayed/memorized/typed.

2) Even if a password is memorized or keyed in, some multi-factor authentication and the authentication method should not allow duplicate logins. For example, if the hacker/spy also entered the same password and the same OTP, the system should reject both attempts.

 

With the above two points in mind, simple pass is trying to solve a specific problem. That's why simplepass never shows passwords on-screen nor allows entering your passwords. Once all the features of the free version are entirely implemented, there might be some paid subscription features that will address the above-mentioned problems in a very secure way.

As of now, as a user of SimplePass, you are responsible for the physical security of your device, how and where you store your backups.

 

This blog will periodically provide articles and practical tips on securing accounts and various ways of protecting passwords/accounts. Maybe even provide tips and tricks for security-conscious developers.

It's always a good practice to secure online accounts. This article describes some ways to secure accounts.

Most online accounts nowadays have support Multi-Factor authentication (MFA). When and where possible, enable MFA. Some of my favorites that provide MFA are GMail, Outlook, Facebook. Several different types of MFA options are available:

1) OTP based - The application would send a small special code to a specified email / mobile number and prompts for that code to be entered. Although, I like this approach, I am a bit skeptical.

2) Mobile notification alerts - Some applications send a alert to a mobile application and ask for approval. Microsoft, excels in this approach, by displaying a special code on the login screen, the notification displays the special code and prompts for approval. I like Microsoft's approach in this method.

3) Physical Hardware Key such as YubiKey from Yubico. This is my most favorite approach. The small hardware key just sits on my keychain along with my physical keys such as house key etc... The drawback is what happens if the key gets damaged.

4) Authentication Codes: Some websites, allow scanning a QR code as MFA in applications such as Microsoft Authenticator / Google Authenticator. Once successfully setup, the website prompts for a code to be entered, the Authenticator applications display a unique time based code that gets changed every few seconds.

Each approach has it's own strengths and weaknesses. For example, what would happen if you lose sim card / mobile phone / hardware key. How easy is it to backup accounts, restore accounts. Irrespective of the MFA approach that you would use, it's always a good idea to enable and use MFA.

Some websites if not all have a recent activity page that displays sign-in attempts, where the account is logged in and allows remotely logging out those unused sessions. I would say regularly reviewing this activty and removing unused sessions would be prudent.

 

Stay safe and vigilant from online hackers and frauds!

Summary Post