PassWave — Password Generator & Vault

Context

Sometimes you don't need a "life manager," you need a quick password generator: click, copy, move on. PassWave is for that. If you want — store a few entries locally and (optionally) sync across devices. If you want silence — it runs fully offline and calls no one.

Key Decisions

• End‑to‑end encryption in the browser. The server sees only encrypted blobs — it's a courier, not a reader.
• Supabase as a lightweight backend: auth, storage, sync out of the box.
• Real PWA: offline, install to home screen, instant cache loads.
• Mini FSD architecture so the project can grow without pain.

Built for People, Not Checklists

• Strong password generation with presets and "no O/0, I/l."
• Passphrases for those who prefer remembering to pasting.
• Batch generation (tidy up in one sitting).
• QR code to avoid sending secrets to yourself in messengers.
• Local vault + optional sync.
• Dark mode (of course).

Context of the Era

2024–2025: password managers are saturated "combines" with subscriptions and autofill. Many users want a fast, private, platform‑agnostic way to generate/store a few secrets.

Business Insights

• JTBD: "quickly generate/store 3–20 passwords," offline, no subscription.
• Positioning: privacy‑first, zero‑knowledge, PWA over platform lock‑in.
• Monetization (optional): one‑time unlock (themes/dictionaries), B2B white‑label.
• Channels: SEO "password generator," privacy communities, short demos.

Results

Lessons and Pitfalls

• Supabase is great for MVPs: auth + API in 15 minutes; the rest is business logic.
• Even a "simple" project benefits from FSD to avoid the junk drawer.
• The less code between a person and a password — the fewer bugs and pain.
• Zero‑knowledge data architecture doesn't excuse a weak backend. Dependencies are attack surface.

See also

• PassWave article + postmortem
• Self‑host Supabase — how I keep the backend under control