Does Kardix store my passphrase?
No. The passphrase and label are processed locally and the fields are cleared after submission. JavaScript cannot guarantee immediate physical memory erasure, so use a trusted device.
Why is a label required?
The label creates a separate deterministic result for each service. The same passphrase with different labels produces different credentials.
What happens if I type the label differently?
A different spelling, spacing, or character may generate completely different results. Keep a stable naming convention.
Can Kardix recover a forgotten passphrase?
No. There is no account database or recovery copy.
Can two people receive the same result?
A collision is theoretically possible in any finite output space, but the long derived identifiers make accidental collisions extraordinarily unlikely.
Does SHA-256 stop brute force?
It does not make guessing impossible. It makes every guess consume more memory and time, so strong passphrases remain essential.
Can a hacker run the algorithm offline?
Yes, the algorithm is public. They must use the same settings, but can test guesses if they know a generated value.
Are generated Gmail addresses real?
No. A formatted @gmail.com value is not automatically registered, available, or owned by you.
Are QR codes encrypted?
No. A QR code simply encodes the value. Anyone who scans it can read it.
Is copying safe?
Copying is convenient but exposes the value to the system clipboard. Use it briefly and only on trusted devices.
Can I use Kardix for banking?
Consider the recovery and lockout risks carefully. For critical accounts, use strong multi-factor authentication and an independent recovery plan.
Will outputs always remain identical?
They remain identical only when the exact inputs, normalization, algorithm version, and parameters remain unchanged.
Does Kardix replace a password manager?
Not necessarily. It follows a different model with different benefits and risks.
Does the site use cookies?
Credential generation requires no cookies. Consent preferences may be stored locally, and optional advertising or analytics should load only after consent where required.
What should I do after showing a QR code?
Close it immediately, make sure no screen recording or camera captured it, and clear any imported value from unsafe apps.