FAQ - ZeroDataUpload.com

📌 General Questions

A: Yes! UltraPass Pro is 100% safe because:

Runs entirely in your browser (client-side only)
No data sent to any server
All passwords stored locally on your device
Uses cryptographically secure random generation (crypto.getRandomValues())
Open architecture - you can verify the code yourself
No tracking, no analytics, no external connections (except optional breach checking)

A: Mostly no, with one exception:

✅ No internet needed for generating passwords, saving, viewing history, settings
⚠️ Internet required for breach checking (HaveIBeenPwned API) and loading Chart.js for statistics
• The app works fully offline except for these two optional features

A: All passwords are stored in your browser's localStorage:

• Stored on your computer/device only
• Base64-encoded (obfuscated but not encrypted)
• Persists across browser sessions
• Deleted if you clear browser data
• Not synced across devices
• That's why regular exports are critical!

A: Yes! UltraPass Pro is fully mobile-responsive:

✅ Works on iOS (Safari, Chrome)
✅ Works on Android (Chrome, Firefox, Samsung Internet)
✅ Touch-friendly interface
✅ Mobile-optimized layout
✅ All features available on mobile
📱 Tip: Add to home screen for quick access!

A: Monthly is recommended:

• Export on the 1st of each month (set a calendar reminder)
• Before clearing browser data
• Before switching devices
• Before major browser updates
• After generating many new passwords
• Store exports in multiple safe locations

🔑 Password Generation

A: For maximum security:

1. Length: 20+ characters
2. Types: Uppercase + Lowercase + Numbers + Symbols
3. Mode: Advanced Mode with Quantum + Time-Based enabled
4. Breach Check: Always verify not compromised

For memorable passwords: 5-6 word Passphrase with numbers

A: Generally NO for most accounts:

❌ Many websites don't support Unicode/Emojis
❌ Cannot be used in QR codes
❌ May cause login issues
❌ Hard to type on different keyboards
✅ Only use for experimental/personal projects
✅ Stick to standard characters for compatibility

A: Recommended lengths by account type:

Banking/Financial:

20-24 characters

Email:

18-20 characters

Work/Professional:

18-20 characters

Social Media:

16-18 characters

Shopping/Low-Sec:

12-16 characters

WiFi:

12-16 (use Passphrase)

PINs:

6-8 digits

A: Depends on your needs:

Random Password (e.g., Xk9#mP2$vL4@wN8!):

✅ Maximum entropy per character
✅ Shorter for same security
❌ Impossible to remember
❌ Easy to mistype
Best for: Stored in password manager

Passphrase (e.g., Wizard-Dragon-Thunder-Castle-89):

✅ Easy to remember
✅ Easy to type
✅ Comparable security (with 5+ words)
✅ Natural structure
Best for: Master passwords, frequently typed passwords

Bottom line: Both are secure when generated properly. Use random for storage, passphrase for memory.

A: Custom Rules add your custom text to passwords:

• Location: Advanced Mode tab only
• Scope: Only applies when Advanced Mode tab is active
• Format: Appended to password with hyphen (e.g., -@gmail.com)
• Limit: 100 characters max
• Use: Email markers, company requirements, personal identifiers
• Tip: Switch to Basic Options tab if you don't want custom rules applied

📂 Password History & Management

A: Configurable in Settings:

• 50, 100, 200, 500, or Unlimited
• Default: 100 passwords
• When limit reached, oldest deleted automatically
• Recommend: 200-500 for most users
• Export old passwords before they're auto-deleted!

A: You can't edit the password itself, but you CAN:

✅ Edit the name/label
✅ Add/edit notes
✅ Add/remove tags
✅ Set/change expiration date
✅ Mark as favorite
✅ Mark as compromised
❌ Cannot change the actual password characters
Solution: Generate a new password if you need different characters

A: Expiration is a reminder system:

• 7 days before: "⏳ Expiring in X days" warning appears
• After expiration: "⏰ Password Expired X days ago!" alert appears
• Action needed: Password still works, but you should change it
• Important: Expiration in UltraPass Pro doesn't change password on actual website - you must update it there too

A: Marking a password as compromised means:

• 🚨 Visual warning displayed on card
• Red background alert
• "DO NOT USE" message

Reasons to mark compromised:

• Found in data breach
• Accidentally shared
• Suspect someone knows it
• Account shows suspicious activity

Action: Generate new password immediately and update on the actual website

🔒 Security & Privacy

A: Yes, it's completely safe! Here's how:

1. Your password is SHA-1 hashed locally (e.g., 5BAA61E4...)
2. Only the first 5 characters of the hash are sent to HaveIBeenPwned (5BAA6)
3. API returns all hashes starting with those 5 characters
4. Your browser checks locally if full hash matches
5. Your actual password NEVER leaves your device!

This is called k-anonymity model - the most privacy-preserving breach checking method.

A: Yes, if they have physical access:

⚠️ localStorage is base64-encoded (obfuscation, not encryption)
⚠️ Anyone with browser access can see passwords
⚠️ No master password protection

Protection strategies:

• Use browser profiles (separate user accounts)
• Lock your computer when away
• Use browser's profile lock feature
• Clear data when sharing device
• Store sensitive backups encrypted separately

A: ABSOLUTELY NOT!

❌ One breach compromises ALL accounts
❌ If one site is hacked, all sites vulnerable
✅ Use unique password for EVERY account
✅ That's why this generator exists!
✅ Use a password manager to store them all

Why? If you reuse passwords:

Site A: Hacked, your password leaked

Sites B, C, D, E: All using same password

Result: Attacker tries your email + leaked password on every major site

Outcome: All accounts compromised!

A: YES! Always enable 2FA!

✅ Strong passwords are essential
✅ But 2FA adds critical second layer
✅ Even if password leaks, 2FA protects you
✅ Use authenticator app (Google Authenticator, Authy)
⚠️ SMS 2FA better than nothing, but authenticator app preferred

Defense in depth: Password + 2FA = Maximum security

📤 Export & Import

A: Key differences:

JSON Export (📥 Export User Data):

✅ Complete backup with ALL metadata
✅ Includes notes, tags, expiration dates, compromised flags
✅ Includes settings and preferences
✅ Can be re-imported with full data
✅ Best for backup and restore
• Format: Machine-readable structured data

CSV Export (📊 Export CSV):

✅ Opens in Excel, Google Sheets
❌ Only basic fields (password, type, strength, date, name, favorite)
❌ Loses notes, tags, expiration, compromised flags
❌ Cannot be re-imported
✅ Good for spreadsheet analysis or printing
• Format: Human-readable table

Recommendation: Use JSON for backups, CSV for viewing/analysis

A: Not directly, but you can:

1. Export from other manager (usually as CSV)
2. Format the CSV data
3. Create JSON file matching UltraPass Pro structure
4. Import the JSON file

JSON structure needed:

{
  "password": "YourPassword",
  "type": "standard",
  "timestamp": "2024-10-23T12:00:00Z",
  "strength": 85,
  "name": "Gmail Account",
  "favorite": false
}

Alternatively: Manually generate and name passwords for important accounts

A: QR codes only work with standard characters:

✅ Works: Uppercase, lowercase, numbers, symbols
❌ Fails: Unicode characters (♠♣♥♦)
❌ Fails: Emojis (😀🔐🌟)

Solution:

1. Uncheck Unicode and Emoji options
2. Generate new password
3. Try QR code again
4. Or use Copy/Share instead

⚙️ Technical Questions

A: Modern browsers with crypto API:

✅ Chrome/Edge 90+
✅ Firefox 88+
✅ Safari 14+
✅ Opera 76+
✅ Brave (any recent version)
❌ Internet Explorer (not supported)
❌ Very old browser versions

Required features: crypto.getRandomValues(), localStorage, fetch()

A: Yes, almost completely:

✅ Generate passwords offline
✅ Save and view history offline
✅ All settings work offline
✅ Export data works offline
⚠️ Breach checking requires internet
⚠️ Statistics charts require internet (Chart.js CDN)

Tip: Once loaded, the page works offline until you refresh

A: Yes, but passwords don't sync automatically:

• Each device has separate localStorage
• You must manually export/import to sync
• No cloud sync (privacy by design)

Sync workflow:

1. Device A: Export User Data
2. Transfer JSON file (USB, email, cloud)
3. Device B: Import Data
4. Repeat when needed

A: Since it's a single HTML file:

To reset data:

1. Settings → Clear All Data
2. Or clear browser localStorage manually

To "uninstall":

1. Export data first (backup!)
2. Delete index.html file
3. Clear browser data if desired
4. That's it!

No installation means no complex uninstall process.

🆘 Troubleshooting

A: Usually one of these:

• Using Private/Incognito mode → Use normal mode
• Storage disabled in browser → Enable in settings
• Storage quota full → Export and delete old passwords

A: Try these:

• Allow clipboard permission when prompted
• Click Show → Select text → Manual copy (Ctrl+C)
• Update to latest browser
• Open file via http:// (not file://)

A: Reduce data size:

• Settings → History Limit → 100 or 50
• Delete old unused passwords
• Clear browser cache
• Close other tabs

UltraPass Pro

❓ Frequently Asked Questions