Industry news, product updates, security deep-dives, and the occasional rant about how broken password sharing has become.
Today we're launching Pwdly — a password manager built around a 3-word phrase, end-to-end encryption, and a server that genuinely cannot read your data.
Sharing a vault with a teammate sounds simple — until you realize the server can never read what's inside. Here's the cryptographic choreography that lets you invite collaborators without ever exposing a single secret to Pwdly.
Master passwords are the worst of both worlds: hard to remember and easy to crack. We replaced them with three words because human memory and cryptographic entropy don't have to be enemies.
Three random words feel small. Mathematically, they are anything but. Here's how a tiny phrase becomes a key strong enough to protect your entire vault.
Offboarding is where most teams' security posture quietly collapses. Here's how Pwdly makes revoking access an instant, cryptographically-backed event — not a checklist item that gets forgotten on a Friday afternoon.
Your master key has to live somewhere while you're using Pwdly. Here's the surprisingly nuanced engineering that goes into making sure 'somewhere' isn't a place an attacker can reach.
We pulled a real row from production. Here's exactly what an attacker — or a curious engineer — would see if they queried our credentials table.
A quick look at the stack: React on the front, Lovable Cloud on the back, and the browser's Web Crypto API doing all the heavy lifting in between.