Help & FAQ

How does "100% passwordless" work?

Instead of forcing you to memorize a master password, Shhh relies on modern authentication standards. We use your Google Account (via OAuth) to verify your identity, combined with Two-Factor Authentication to ensure that only you can access your vault.

What happens if I lose access to my Google account?

Because your vault is tied directly to your Google Identity, losing access to your Google account means you will lose access to your vault. We highly recommend securing your Google account with robust Two-Factor Authentication and saving your Google backup codes in a safe physical location.

Can Shhh read my passwords?

No. Shhh is built on a zero-knowledge architecture. All of your secrets are encrypted locally on your device before they are ever transmitted to our database. We store the encrypted blobs, but we do not have the keys to decrypt them. Only you can unlock your vault.

Why does my session expire after 1 hour?

Security is our top priority. To prevent unauthorized access if you leave your device unattended, all vault sessions are strictly limited to a maximum of 60 minutes. Once the session expires, your vault automatically locks itself and purges decrypted data from memory.