
Frequently Asked Questions

What is Forgiva called, in technical terms?

It is called a stateless (or deterministic) password manager.

What makes Forgiva better than other stateless/deterministic password managers?

First of all, it is not a key-derivation algorithm but a "combination algorithm", which generates much stronger keys than bcrypt, scrypt and argon2. We will publish benchmarks soon.

Most stateless password managers use just one type of key-derivation algorithm, but Forgiva uses many encryption and hashing algorithms, added depending on the master-key.

Tying the algorithm order to the master-key makes it impossible to estimate the time (and processor cost) of a brute-force attack session. This puts Forgiva one step beyond the others. Please take a look at the iterative-hashing and iterative-encryption methods in the open source implementation.

It was developed to get around some of the arguments made about stateless password managers, which you can take a look at here and here.

Forgiva overcomes most of the arguments against the idea and presents stateless password management as a great way to stay protected.

How does it protect me better against malware?

First of all, we must understand how malware attacks existing password managers. Take the Citadel Trojan, for example. Such malware hijacks your interaction with the computer and tries to capture every action you take to unlock authorizations. First and foremost, it tracks your keyboard and records key sequences to determine the password you enter. And in some cases, where possible, it hooks into application memory to dump stored master-keys.

In Forgiva, we understand this risk and have put counter-measures in place to make theft harder: a visual confirmation mechanism and a certification system. With these, even if malware steals your master-key, that is not enough to regenerate your passwords. It would also have to find out your visual confirmation pattern (by monitoring your screen) and your certificate data (by accessing your filesystem).

By these measures, Forgiva protects you much better than other major password managers.

Does my master-key get exposed to brute-force attacks from malicious sites?

No.

Forgiva does not generate your password from your master-key alone; it also uses the certificate and the visual pattern. And in some cases, if you renew your password, it uses the renewal details too.
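A simplified illustration of the multi-input derivation described above, as an added example that is not Forgiva's algorithm or code: PBKDF2-HMAC-SHA256 stands in for Forgiva's combination of algorithms, and the function name, alphabet, certificate bytes and pattern string are assumptions made up for this sketch.

```python
import hashlib
import hmac
import string

# Output alphabet: 74 symbols (an assumption for this sketch).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def _pack(*fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def derive_password(master_key: str, certificate: bytes, visual_pattern: str,
                    host: str, account: str, renewal: int = 0,
                    length: int = 16, iterations: int = 100_000) -> str:
    """Deterministically derive a site password; nothing is stored."""
    # Secret inputs: all three are required to regenerate a password.
    secret = _pack(master_key.encode(), certificate, visual_pattern.encode())
    # Public, per-site inputs; bumping `renewal` rotates the password.
    salt = _pack(host.lower().encode(), account.encode(), str(renewal).encode())
    seed = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)

    # Expand the seed into characters, rejecting bytes that would bias the
    # mapping (256 is not a multiple of the alphabet size).
    limit = 256 - 256 % len(ALPHABET)
    chars, counter = [], 0
    while len(chars) < length:
        block = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in block if b < limit)
    return "".join(chars[:length])


if __name__ == "__main__":
    # Host, account and master key are the FAQ's own example; the certificate
    # bytes and the pattern string are constructed sample values.
    args = dict(master_key="forgiva is the best", certificate=b"\x01" * 32,
                visual_pattern="3-1-4", host="facebook.com",
                account="bill.gates@microsoft.com")
    first = derive_password(**args)
    print("regenerated identically:", first == derive_password(**args))
    stolen_key_only = derive_password(**{**args, "certificate": b"",
                                         "visual_pattern": ""})
    print("master key alone reproduces it:", stolen_key_only == first)
    print("renewal changes it:", derive_password(**args, renewal=1) != first)
```
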

What about sites with restrictive password requirements?

Passwords generated by Forgiva are offered with a minimum length of 16 characters (you can go up to 32 characters by default) and 70 bits of entropy guaranteed at the normal complexity level. This is rated as a strong level for financial institutions and military-grade applications.

Thus no site is expected to reject Forgiva-generated passwords.

How does it work on algorithm level?

You can take a look at the open source implementation of Forgiva at https://github.com/sceptive/Forgiva. The algorithm details are well documented and open to everyone.

Let's say my visual confirmation pattern has been figured out, my certificate has been stolen, and one of my generated passwords has been acquired from a malicious site. How long would it take to crack my master-key?

Practically, it would take at least a few lifetimes if you use a good master-password with a minimum of 60 bits.

Let's consider the account of Bill Gates with the host "facebook.com", the account "bill.gates@microsoft.com" and the password "forgiva is the best", on a MacBook Pro 2014.

To crack a password with 73 bits of entropy, it would take ~6 million years to complete all combinations at Normal complexity.

At Intermediate complexity it would take ~24 million years, and at Advanced complexity ~280 million years, to go through all combinations at minimum.

Who are the developers?

Forgiva is developed by Sceptive, a professional security firm with talented hackers serving financial corporations, military agents and various highly graded corporations all over the world.

The idea and the major development work were done by Harun Esur, founder of Sceptive.