{"id":43249449,"url":"https://github.com/jlinoff/pam","last_synced_at":"2026-04-24T06:04:58.269Z","repository":{"id":41145624,"uuid":"498132704","full_name":"jlinoff/pam","owner":"jlinoff","description":"password manager for personal account records webapp (aka personal account manager)","archived":false,"fork":false,"pushed_at":"2026-04-15T02:06:51.000Z","size":29374,"stargazers_count":4,"open_issues_count":4,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-15T02:29:34.207Z","etag":null,"topics":["javascript","webapp"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jlinoff.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-05-31T00:15:03.000Z","updated_at":"2026-04-15T02:06:48.000Z","dependencies_parsed_at":"2024-03-04T00:22:01.185Z","dependency_job_id":"c8e583a4-daaf-4d15-aa3b-f50852a8cb29","html_url":"https://github.com/jlinoff/pam","commit_stats":null,"previous_names":[],"tags_count":67,"template":false,"template_full_name":null,"purl":"pkg:github/jlinoff/pam","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlinoff%2Fpam","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlinoff%2Fpam/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlinoff%2Fpam/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlinoff%2Fpam/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jlinoff","download_url":"https://codeload.github.com/jlinoff/pam/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlinoff%2Fpam/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32211386,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T03:15:14.334Z","status":"ssl_error","status_checked_at":"2026-04-24T03:15:11.608Z","response_time":64,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript","webapp"],"created_at":"2026-02-01T12:55:45.323Z","updated_at":"2026-04-24T06:04:58.253Z","avatar_url":"https://github.com/jlinoff.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pam\n[![Release](https://img.shields.io/github/release/jlinoff/pam?style)](https://github.com/jlinoff/pam/releases)\n![Workflow](https://github.com/jlinoff/pam/actions/workflows/main.yml/badge.svg)\n\npersonal account manager webapp\n\n\u003e **New to PAM?** Start with the [Quick Start guide](./QUICKSTART.md) — get up and running in five minutes.\n\n\u003e **Documentation note:** The screenshots and UI descriptions in this document reflect PAM 1.2.5 and earlier. PAM 1.3.0 introduced tabbed preferences navigation and other visual changes. The concepts and features are identical — the documentation remains accurate and useful, but some screenshots and UI descriptions may not map 1:1 to what you see on screen.\n\n\n\u003cdetails\u003e\n\u003csummary\u003eMetadata\u003c/summary\u003e\n\nThe meta data in the table is populated during the build process when\nthe on-line help is generated.\n\n| Field | Value |\n| ----- | ----- |\n| Author | Joe Linoff |\n| Copyright (\u0026copy;) | 2022 |\n| License | MIT Open Source |\n| Version | `__VERSION__` |\n| Bootstrap Version | `__BOOTSTRAP_VERSION__` |\n| Build | `__BUILD__` |\n| GitCommitId | `__GIT_COMMIT_ID__` |\n| GitBranch | `__GIT_BRANCH__` |\n| project | [https://github.com/jlinoff/pam](https://github.com/jlinoff/pam) |\n| webapp | [https://jlinoff.github.io/pam/www/](https://jlinoff.github.io/pam/www/) |\n| help | [https://jlinoff.github.io/pam/www/help/](https://jlinoff.github.io/pam/www/help) |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eTable of Contents\u003c/summary\u003e\n\n\u003c!--ts--\u003e\n\n * [Introduction](#introduction)\n * [Overview](#overview)\n * [Reasons to not use PAM](#reasons-to-not-use-pam)\n * [Reason 1: You want browser autofill](#reason-1-you-want-browser-autofill)\n * [Reason 2: You already have something that works](#reason-2-you-already-have-something-that-works)\n * [Reason 3: Too complex](#reason-3-too-complex)\n * [Reasons to consider using PAM](#reasons-to-consider-using-pam)\n * [Reason 1: No Client Server Communications](#reason-1-no-client-server-communications)\n * [Reason 2: Record Model](#reason-2-record-model)\n * [Reason 3: Searching](#reason-3-searching)\n * [Reason 4: Automatic Password Generation](#reason-4-automatic-password-generation)\n * [Reason 5: File Based Storage](#reason-5-file-based-storage)\n * [Reason 6: Secure Context Encryption](#reason-6-secure-context-encryption)\n * [Reason 7: Hiding Passwords from Casual Observers](#reason-8-hiding-passwords-from-casual-observers)\n * [Reason 8: Access from mobile devices](#reason-8-access-from-mobile-devices)\n * [Reason 9: FOSS](#reason-9-foss)\n * [PAM vs mainstream password managers](#pam-vs-mainstream-password-managers)\n * [Records](#records)\n * [Unexpanded View of all Records](#unexpanded-view-of-all-records)\n * [Expanded View of a Record](#expanded-view-of-a-record)\n * [Topics](#topics)\n * [Fields](#fields)\n * [Field Types](#field-types)\n * [Custom Fields](#custom-fields)\n * [Password Fields](#password-fields)\n * [Cryptic Passwords](#cryptic-passwords)\n * [Memorable Passwords](#memorable-passwords)\n * [Hidden Password Representation](#hidden-password-representation)\n * [Visible Password Representation](#visible-password-representation)\n * [Password Generator](#password-generator)\n * [Layout](#layout)\n * [Menu and Search Section](#menu-and-search-section)\n * [Search](#search)\n * [Menu](#menu)\n * [Records Section](#records-section)\n * [Status and Controls Section](#status-and-controls-section)\n * [Menu Functions](#menu-functions)\n * [About](#about)\n * [Create New Record](#create-new-record)\n * [Method 1: Menu Approach](#method-1-menu-approach)\n * [Method 2: Clone Approach](#method-2-clone-approach)\n * [Method 3: JSON Approach](#method-3-json-approach)\n * [Edit Record](#edit-record)\n * [Delete Record](#delete-record)\n * [Deactivate Record](#deactivate-record)\n * [Clone Record](#clone-record)\n * [Clear Records](#clear-records)\n * [Save File](#save-file)\n * [Load File](#load-file)\n * [Get Help](#get-help)\n * [Preferences](#preferences)\n * [Search Preferences](#search-preferences)\n * [Case Insensitive Searches](#case-insensitive-searches)\n * [Search Record Titles](#search-record-titles)\n * [Search Record Field Names](#search-record-field-names)\n * [Search Record Field Names](#search-record-field-names)\n * [Search Record Field Values](#search-record-field-values)\n * [Hide Inactive Records](#hide-inactive-records)\n * [Password Preferences](#password-preferences)\n * [Minimum Password Length](#minimum-password-length)\n * [Maximum Password Length](#maximum-password-length)\n * [Memorable Password Min Word Length](#memorable-password-min-word-length)\n * [Memorable Password Word Separator](#memorable-password-word-separator)\n * [Memorable Password Min Words](#memorable-password-min-words)\n * [Memorable Password Max Tries](#memorable-password-max-tries)\n * [Memorable Password Prefix](#memorable-password-prefix)\n * [Memorable Password Suffix](#memorable-password-suffix)\n * [Miscellaneous Preferences](#miscellaneous-preferences)\n * [Log Status to the Console](#log-status-to-the-console)\n * [Clear Records On Load](#clear-records-on-load)\n * [Enable Printing](#enable-printing)\n * [Load Duplicate Record Strategy](#load-duplicate-record-strategy)\n * [Clone Field Values when Cloning Records](#clone-field-values-when-cloning-records)\n * [Require Record Fields](#require-record-fields)\n * [Enable Editable Field Name](#enable-editable-field-name)\n * [filePass Cache Strategy](#filepass-cache-strategy)\n * [Custom About](#custom-about)\n * [Record Fields](#record-fields)\n * [Saving Preferences](#saving-preferences)\n * [Security Considerations](#security-considerations)\n * [MITM](#mitm)\n * [Third Party Web Site Security](#third-party-web-site-security)\n * [Site Reliability](#site-reliability)\n * [Over the Shoulder Surfing Attack](#over-the-shoulder-surfing-attack)\n * [Malware: Key Logging and Screen Recording](#malware-key-logging-and-screen-recording)\n * [Malware: Clipboard Attack](#malware-clipboard-attack)\n * [Unattended Browser](#unattended-browser)\n * [Website Spoofing](#website-spoofing)\n * [Dictionary and Brute Force Password Attacks](#dictionary-and-brute-force-password-attacks)\n * [Protecting Yourself](#protecting-yourself)\n * [Multi-Factor Authentication](#multi-factor-authentication)\n * [Usage Examples](#usage-examples)\n * [Personal Account Records](#personal-account-records)\n * [Create Record File](#create-record-file)\n * [Use Record Data to Log into a Site](#use-record-data-to-log-into-a-site)\n * [Edit an Existing Record](#edit-an-existing-record)\n * [Delete an Existing Record](#delete-an-existing-record)\n * [Clone an Existing Record](#clone-an-existing-record)\n * [Share Credentials for a Small Group](#share-credentials-for-a-small-group)\n * [Recipes](#recipes)\n * [Books](#books)\n * [Decrypting and encrypting PAM files from the command line](#decrypting-and-encrypting-pam-files-from-the-command-line)\n * [Developer Notes](#developer-notes)\n * [License](#license)\n * [Build PAM](#build-pam)\n * [Create Favicon](#create-favicon)\n * [Test PAM](#test-pam)\n * [Interactive unit testing in the browser](#interactive-unit-testing-in-the-browser)\n * [Release PAM](#release-pam)\n * [History](#history)\n\n\u003c!--t3--\u003e\n\n\u003c/details\u003e\n\n## Introduction\n_PAM_ or Personal Account Manager is a free and open source, single\npage web application that is designed to help you conveniently and\nsecurely manage your confidential information _like passwords_ inside\nthe secure context of your web browser as dynamically configurable\nrecords that can be searched _without having to rely on services from\na third party server_ because they are stored in a file that _you\ncontrol_ either on your local device or on a cloud based file server.\n\nThe _PAM_ file is encrypted both in transit and when stored so the contents are\nsafe from hackers if the file was stolen assuming, of course, that the password\nyou used to encrypt it _was strong_.\n\nThe PAM file flow is shown in the figure below. Note that the _save_ device and\nthe _load_ device could be _the same device_.\n\n\u003cimg src=\"www/help/pam-file-flow-screenshot.png\" width=\"95%\" alt=\"pam-file-flow\"\u003e\n\nYou can access _PAM_ from your own secure web server (including\nlocalhost) or from the public\n[github.io server](https://jlinoff.github.io/pam/www/index.html).\nIn either case, once the application is loaded into your browser\nor run as a local web app\n([PWA](https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps/Installing))\n_there is no other communication_ with the web server which you can\nverify by monitoring outbound network traffic.\n\nIn addition, _PAM_ is designed to be mobile friendly so you can access\nit from your laptop browser as well as your mobile phone and tablet.\n\nIt looks _something_ like this on my iphone in dark mode for the fictitious\nexample records that are provided by PAM to practice with, as described\nin the [Load File](#load-file) section later on.\n\n\u003cimg src=\"www/help/pam-iphone-screenshot-dark.png\" alt=\"iphone-screenshot-light-mode\" width=\"400\"\u003e\n\nAnd _something_ like this in light mode.\n\n\u003cimg src=\"www/help/pam-iphone-screenshot-light.png\" alt=\"iphone-screenshot-dark-mode\" width=\"400\"\u003e\n\nAt the bottom left of the screen there is a button that allows you to toggle between\nlight and dark mode. It looks like a sun (switch to light) in dark mode:\n\u003cimg src=\"www/icons/blue/sun.svg\" height=\"32\" width=\"32\" alt=\"clipboard\"/\u003e\nand like a moon (switch to dark) in light mode:\n\u003cimg src=\"www/icons/blue/moon.svg\" height=\"32\" width=\"32\" alt=\"clipboard\"/\u003e.\n\nDark and light mode examples will be intermixed throughout this document.\n\nThe records appear as accordion entries that expand when you click on them as shown below.\n\n\u003cimg src=\"www/help/pam-google-record.png\" width=\"400\" alt=\"google-account-example\"\u003e\n\nOnce the record is expanded you simply click on the clipboard\n\u003cimg src=\"www/icons/blue/clipboard.svg\" height=\"32\" width=\"32\" alt=\"clipboard\"/\u003e\nicon associated with the record field you are interested in (like the\npassword) to copy its value to the system clipboard so that it can\nthen be pasted them into the appropriate login field. You can click on the eye\n\u003cimg src=\"www/icons/blue/eye.svg\" height=\"32\" width=\"32\" alt=\"eye\"/\u003e\nicon to see the password in plaintext. By default all record fields containing\nsensitive information,like passwords, are masked so that a casual observer\ncannot see it.\n\nYou can even include images as shown in this example which is also provided\nby PAM to practice with and, like the examples above, is also described in\nthe [Load File](#load-file) section later on.\n\n\u003cimg src=\"www/help/pam-ice-cream-sundae-open.png\" width=\"400\" alt=\"ice-cream-sundae-example\"\u003e\n\nThere are other features like memorable password generation and\ncustomized record fields that are described in the documentation\nbelow.\n\nPlease note that this is not the first tool I have written to manage\npasswords but it is meant to be the last. If you are interested in\nwhat motivated me to create yet another tool, see the\n_[Security Considerations](#security-considerations)_\nand\n_[Reasons to consider using PAM](#reasons-to-consider-using-pam)_.\nIf you are interested in the genesis of _PAM_ and the stories of its\npredecessors, see the [History](#history) section.\n\nI hope that you also find useful in some way.\n\n## Overview\n_PAM_ is a pretty simple application. It is basically a record editor\nthat runs in your browser that allows you to create records with\ninteresting information that can then be stored and retrieved in a\nsecure way.\n\n### Reasons to not use PAM\nThis section talks about why you may not need or want to use _PAM_.\n\n#### Reason 1: You want browser autofill\nThe most important reason not to use PAM is that it has no browser\nintegration. Mainstream password managers like\n[Bitwarden](https://bitwarden.com) automatically detect login forms\nand fill in your credentials with a single click or tap. PAM requires\nyou to manually copy each field to the clipboard and paste it into\nthe browser. For day-to-day web login use, that friction adds up\nquickly.\n\nIf autofill is important to you — and for most people it is — use\nBitwarden or a similar tool instead.\n\n#### Reason 2: You already have something that works\nIf you are already using a password manager, an Excel spreadsheet, a\ntext file, or any other method that works for you, you should keep\nusing it. There is no reason to switch.\n\n#### Reason 3: Too complex\n_PAM_'s record and field model is more flexible than a typical password\nmanager, but that flexibility comes with some complexity. Creating\nrecords, managing field types, and maintaining your own encrypted file\nrequires more engagement than simply installing a browser extension.\nIf you want something that works without thinking about it, a\nmainstream password manager will serve you better.\n\nThe features and design decisions behind PAM are discussed in the next\nsection to help you decide whether any of them matter to you.\n\n### Reasons to consider using PAM\n\nThis section presents the nine primary reasons that motivated me to\ndevelop _PAM_. They are provided to help you determine whether\n_PAM_ might be interesting to you.\n\n#### Reason 1: No Client Server Communications\n_PAM_ is a single page web application (SPA) that has no backend which\nmeans that it never communicates with an external site which protects\nit from some types of cyber attacks as detailed in the\n[Security Considerations](#security-considerations) section.\n\n#### Reason 2: Record Model\nIn _PAM_, information is organized into files composed of records that\neach have a unique title and are, in turn, composed of fields that\nhave a name, a type and a value. This approach is similar\nto organizing information using index cards or a rolodex.\n\nFollowing the index card analogy a little further, we can use a\nsimple example to understand the record model a bit better.\n\nA recipe would be something you might store on an index card. Each\nrecipe could be a single record that might contain the _title_ (the\nname of the recipe), the _ingredients_ (a field) and the\n_instructions_ (another field).\n\n##### Simple Recipe Record\n\nSo what would a simple dessert recipe look like as a in _PAM_ record?\nWell, if you had a simple dessert recipe like this written on a card\nwith an attached picture.\n\n\u003c!-- PP: \u003cblockquote style=\"border: 1px black solid; width: 32ch\"\u003e PP: --\u003e\n\n\u003cimg src=\"www/help/ice-cream-sundae.jpg\" width=\"200\" alt=\"ice-cream-sundae\"\u003e\n\n```\nIce Cream Sundae\n\ningredients\n1. 3 scoops vanilla ice cream\n2. 1 banana (sliced up)\n3. chocolate sauce\n4. (optional) nuts\n5. (optional) Maraschino cherry\n6. whipped cream\n\ninstructions\n1. put ice cream in bowl\n2. add slices of banana\n3. add nutes\n4. pour chocolate on top\n5. add whip cream\n6. put the cherry on top.\n```\n\n\u003c!-- PP: \u003c/blockquote\u003e PP: --\u003e\n\nIt would look like this when you _create_ it in _PAM_.\n\n\u003cimg src=\"www/help/pam-ice-cream-sundae-new.png\" width=\"400\" alt=\"ice-cream-sundae-example\"\u003e\n\nIt would look like this when you _view_ it in _PAM_ in edit mode.\n\n\u003cimg src=\"www/help/pam-ice-cream-sundae-open.png\" width=\"400\" alt=\"ice-cream-sundae-example\"\u003e\n\nIn this _\"recipe\"_ record, the title is `\"Ice Cream\nSundae\"` and the two fields \"ingredients\" and \"instructions\" contain\nthe multiline (`textarea`) descriptions of what the ingredients and\ninstructions are for this specific recipe. And, finally, there is an\n\"html\" field that contains the image.\n\nNote that the record field names \"ingredients\" and \"instructions\" used\nin this example are custom _field names_.\nThey are not available by default. The \"html\" field _is_ a default field.\n\nCustom fields can be created by adding new fields to the default\nfields defined in the preferences so they are available all of the\ntime.\n\nFor this example I created two new _textarea_ fields named\n\"ingredients\" and \"instructions\" so that users could enter multiple\nlines and removed all of the other default fields except the \"html\"\nfield because they were not needed. I kept the default \"html\" field\nbecause I wanted to be able add pictures to the recipes. Here is what\nthe preferences look like after the modifications were made.\n\n\u003cimg src=\"www/help/pam-recipe-prefs.png\" width=\"400\" alt=\"default\"/\u003e\n\n##### Simple Account Record\n\nOf course, there are many other types of records that might be\ninteresting to store in _PAM_ that can use the default record\nfields _as is_.\nSee the [Fields](#fields) section for a description of the default\nrecords and their types.\n\nOne common one is a record for each account that you need to login\ninto where you information about how to login is stored so you don't\nhave to remember it.\n\nSuch an _\"account\"_ record would have, at a minimum, the web address\n(URL), the login name and the password of the account.\n\nNote that this simplified example is only meant to show the basic\nidea of importance of supporting record formats that are different\nthan recipes. For a real account record you would probably want to add\nadditional fields like an email address or a notes field.\n\nHere is what the simple account record would look like.\n\n\u003cimg src=\"www/help/pam-google-account.png\" width=\"400\" alt=\"google-account-example\"\u003e\n\nNote that the password is hidden in the example above.\n_PAM_ always hides the contents of passwords by default.\n\n##### Record Model Summary\n\nBoth records look quite different. Recipes records have\nfields for \"ingredients\" and \"instructions\" whereas account records\nhave fields for the \"url\", \"login\" and \"password\". However, in both\ncases they have the same basic structure: a title and a set of fields\nthat are relevant to recipes or accounts.\n\nYou could easily imagine defining other records that contain\ninformation for other topics like _\"books read\"_ or _\"unidentified\naerial phenomena\"_ or _\"bird watching\"_ which would undoubtedly\nrequire different fields. The idea of topics is dicussed in more\ndetail in the [Topics](#topics) section.\n\nIn my view, this approach of using _records composed of fields_\ndoes a better job of representing this type of information than a\nspreadsheet or a text file.\n\n#### Reason 3: Searching\n_PAM_ allows you to search records by their title or their field\nnames and values. It also filters out the records that don't match\nto make it easier to see the matching records visually.\n\nThe availability of fast interactive searching makes finding records\neasy.\n\nThis is what search/filtering looks like for all example records that\ncontain a \"g\" in them. Note that, by default, search operations are\ncase insensitive but that can be changed in the preferences.\n\n\u003cimg src=\"www/help/pam-search-g.png\" width=\"400\" alt=\"search-g\"/\u003e\n\nNote that regular expressions can be used as well as shown in the\nexample below that looks for records that start with \"g\".\n\n\u003cimg src=\"www/help/pam-search-g-re.png\" width=\"400\" alt=\"search-g-re\"/\u003e\n\nSee [Search](#search) for more details.\n\n#### Reason 4: Automatic Password Generation\nI always find it hard to come up with passwords in the spur of the\nmoment so _PAM_ was built with the ability to automatically generate\npasswords.\n\nOf course almost all browsers and password tools provide this same\ncapability nowadays, but they tend to generate secure, cryptic, hard\nto memorize passwords which is perfectly fine for passwords for most\naccounts.\n\nBut there are a cases when you need a password that must be typed in\nmanually like the login password for a computer that does not use\nbiometric scanning or a key FOB. In those cases it is beneficial to\nhave a password that is secure, easy to remember and easy to type\nbecause you cannot access a password management system _before you\nlogin_.\n\nI call passwords of this type _memorable_ passwords. They are composed\nof common lower case English words with an optional prefix, an\noptional separator between each word and an optional suffix.\n\nOften, the prefix and suffix are used to guarantee that the password\ncontains the correct mix of characters that the authentication system\nrequires, like, at least one capital letter, at least one digit and at\nleast one special character.\n\nTo make these concepts a bit clearer, here are examples of a cryptic\nand a memorable password.\n\n| \u003c!-- --\u003e | \u003c!-- --\u003e |\n| -------- | -------- |\n| cryptic | `Rf5NaR7LH2LbZMRhkPCfeG8` |\n| memorable | `A1/health/mpegs/hopes!!` |\n\nIn this example, the memorable password word separator is `\"/\"`, the\nprefix is `\"A1/\"` (capital letter and digit) and the suffix is `\"!!\"`\n(special characters).\n\nTo help with this, _PAM_ was built with the ability to generate _cryptic_\nand _memorable_ passwords.\n\nFor more detailed information about password generation in _PAM_ see the\n[Password Fields](#password-fields) section.\n\n#### Reason 5: File Based Storage\n_PAM_ uses files to load and store the record data.\n\nUsing a file means that the user does not have to rely on the\ncybersecurity infrastructure of a company running a web server and\nstoring your data at their site or another third party site. This was\nalluded in\n[Reason 1: No Client Server Communications](#reason-1-no-client-server-communications)\nbut that is not the _only_ advantage of using files.\n\nA _PAM_ file is composed of a set of records. Any records you like.\nYou can use a single file for all of your records or you can have\nmultiple files where each file contains records that are somehow\nrelated like records of _\"recipes\"_ or _\"book reviews\"_\nor _\"my favorite species of Euglena\"_.\n\nWhat this means is that you can group records associated by a topic in\ndifferent files to make them easier to organize and find. This\nability to organize files around topics is the other reason that I\nprefer the file based storage model.\n\nFor a more detailed discussion about how the user controls the\norganization of the records and fields in a file see the\n[Reason 2: Record Model](#reason-2-record-model)\nsection of this document.\n\nAs a side note, I store my personal _PAM_ record files in _Apple iCloud_\nwhich is one of many cloud based storage services like _Dropbox_, _Google\nDrive_ and _Microsoft OneDrive_.\n\nFor files I want to share with other folks, I use _Google Drive_ to\nstore the file and then share it.\n\nWhen properly configured all of these storage services store the _PAM_\nrecord file in the cloud so that it is available to anyone who knows\nthe file password as long as their laptop, phone or tablet is\nauthorized to access the storage service.\n\nOf course you could simply load and save the data to a local file but\nthat _might_ restrict your ability to access to it from other devices\n(like mobile phones or tablets). Not only that but you would have to be\nvery diligent about keeping it backed up so that you would not lose\ndata if the local file was corrupted or lost.\n\n#### Reason 6: Secure Context Encryption\nWhen records are stored in a _PAM_ file they can be encrypted using a\npassword. As of v2 (April 2026), the password is used with a\nhigh-iteration PBKDF2-SHA-256 key derivation function and a\nproperly random salt to produce an\n[_NIST certified_](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program)\nAES-256-CBC key.\n\nUsing a certified encryption algorithm provides a strong security\nguarantee which means, that if an encrypted _PAM_ file is stolen, the\nrecord data is considered safe from hackers trying to crack the\ncontents _if a strong password was used_.\n\n\u003e **Note for existing users:** PAM v1 files used a lower iteration\n\u003e count and had a salt entropy bug. If you have v1 files, re-save them\n\u003e in PAM to upgrade them to the v2 format. See\n\u003e [MIGRATION.md](./MIGRATION.md) for details.\n\nPasswords like _\"secret\"_ or _\"password123\"_ or any other password\nthat can be found in freely available password dictionaries like the\n[Kali password dictionary](https://kalitut.com/best-password-dictionary/#Kali_password_dictionary)\nare _not_ strong and will _not_ protect your data because they are easy to guess.\n\n_Always_ use a strong password to make it hard to guess. Typically a strong\npassword would have at least 20 characters would not include any personally\nidentifiable information (PII) like your name, birth date or address. Also\n_never, ever_ use the same password for two different sites. This is\nto protect you from hackers if a site you use to is attacked and your\npassword is stolen.\n\nI recommend reading\n[NIST Password Guidelines](https://www.auditboard.com/blog/nist-password-guidelines/)\nfor more information about how to create strong passwords.\n\nAs an interesting aside, note that `AES-256-CBC` algorithm is\nconsidered to be reasonably resistant to quantum attacks as discussed\nin the literature. For example,\n[here](https://crypto.stackexchange.com/questions/6712/is-aes-256-a-post-quantum-secure-cipher-or-not)\nis one relevant exchange from a `crypto.stackexchange.com` discussion.\n\n_PAM_ encryption and decryption operations are provided by and run\n_inside_ the _secure context_ of the browser. This is the same _secure\ncontext_ used for accessing sites securely for transactions, like your\nbank. In practice this means that you must access _PAM_ from an HTTPS site.\n\nThe safety and security of _secure context_ operations is taken very\nseriously by the internet standards organization and the organizations\nthat develop the major browsers.\n\nYou can read more about secure contexts\n[here](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts).\n\n#### Reason 7: Hiding Passwords from Casual Observers\n\nPasswords and other secrets are automatically hidden on the screen\n(displayed as asterisks) so that someone looking over your shoulder\ncannot read them unless you choose to make them visible. You can read\nmore about why this is beneficial in the\n[Security Considerations](#security-considerations) section.\n\nThis is the default hidden view of a password. You can see that the\npassword value is all _asterisks_.\n\n\u003cimg src=\"www/help/pam-password-hidden.png\" width=\"400\" alt=\"password-hidden\"\u003e\n\nThis is the same view of a password when it is not hidden.\nYou can now see the password value.\n\n\u003cimg src=\"www/help/pam-password-shown.png\" width=\"400\" alt=\"password-shown\"\u003e\n\n#### Reason 8: Access from mobile devices\n\nThe record files can be accessed from mobile devices so the user has access to the\nrecords anywhere as described in the\n[Reason 5: File Based Storage](#reason-5-file-based-storage)\nbut that does not necessarily imply that the interface is _mobile friendly_.\n\nWhat makes _PAM_ mobile friendly is that it is implemented using the\n[bootstrap-5](https://getbootstrap.com/docs/5.0/getting-started/introduction/)\nlibrary to make the interface work better in the browsers present on\nmobile devices. PAM also supports installation as a\n[Progressive Web App (PWA)](https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps/Installing),\nwhich means you can add it to your home screen and use it like a\nnative app without going through an app store.\n\n#### Reason 9: FOSS\n\nLast but not least, one compelling reason to try _PAM_ is that it is\nfree and open source software (FOSS) so you can try it without any\nobligation or cost. You can also help find and fix bugs or improve\nthe UI.\n\n### PAM vs mainstream password managers\n\n_Analysis: April 2026. Compared against Bitwarden and 1Password as representative mainstream alternatives._\n\n**TL;DR — direct most users to a mainstream product like [Bitwarden](https://bitwarden.com).** PAM has no browser autofill, which is a dealbreaker for everyday web login use. It excels as a flexible encrypted notebook for non-password data (medication lists, account numbers, notes, recipes) and for users who want zero cloud dependency.\n\n| Feature / use case | PAM | Bitwarden / 1Password | Verdict |\n| --- | --- | --- | --- |\n| **Core password management** | | | |\n| Password storage \u0026 retrieval | Manual copy/paste — no browser integration so credentials must be copied to the clipboard and pasted into login forms | Automatic autofill via browser extension or native app | PAM loses — manual copy/paste for every login is significant friction |\n| Password generation | Yes — cryptic and memorable | Yes — cryptic only by default | PAM wins — memorable passwords are unique to PAM |\n| Multi-device sync | File-based — works naturally on iCloud/Dropbox for single users | Automatic cloud sync | PAM loses for teams; single-user sync via iCloud/Dropbox works naturally |\n| Mobile access | Mobile-friendly browser UI; PWA install available; no native app | Native iOS/Android app with Face ID | PAM loses — no native app, though PWA install is available |\n| **Security model** | | | |\n| Local-only operation | Fully local — no server traffic after page load | Cloud-dependent; requires trust in vendor | PAM wins for offline/air-gapped scenarios |\n| Encryption | AES-256-CBC; v2 format (shipped April 2026) fixes PBKDF2 iteration count and salt entropy bug. Existing v1 files need manual re-save to upgrade. | AES-256, strong PBKDF2 / Argon2 KDFs | Tie — v2 closes the gap; v1 files remain weak until re-saved |\n| Zero-knowledge architecture | Inherently — no server ever sees data | Bitwarden: yes. 1Password: yes | Tie |\n| Audit / breach alerts | None — if a third-party site you use is breached and your credentials leaked, PAM has no way to notify you. PAM's own encrypted data remains secure. | Bitwarden checks passwords against HaveIBeenPwned; 1Password's Watchtower flags breached, weak, and reused passwords automatically | PAM loses on monitoring — not because PAM's data is at risk, but because it cannot alert you when third-party sites you have accounts on are breached |\n| **Flexible / non-password data** | | | |\n| Free-form text records | Excellent — first-class textarea fields | Secure notes exist but limited formatting | PAM wins for general text storage |\n| Custom field types | Full HTML input types: text, textarea, url, phone, email, number, html | Fixed item templates; some custom fields | PAM wins — more flexible data model |\n| Medication lists / account numbers | Natural fit — textarea records work well | Possible via secure notes; not purpose-built | PAM wins for structured non-password data |\n| Images / rich HTML in records | html field type renders inline | Attachments only; free cloud tier excludes them | PAM wins for embedding inline content |\n| Search across all fields | Title, field name, field value; regex support | Vault-wide search | Tie; PAM's regex is a plus |\n| **Usability \u0026 setup** | | | |\n| Setup complexity | Open browser URL; file management required | App install + account creation | Comparable; PAM needs no account but needs file discipline |\n| Sharing credentials | Share the file + master password via out-of-band channel | Built-in sharing with fine-grained permissions | PAM loses — coarse sharing only |\n| Offline use | Full — no dependency on external service | Local vault cache; full offline possible | PAM wins — no caching surprises |\n| Cost | Free, open-source (MIT) | Bitwarden free tier; paid for advanced features. 1Password paid only. | PAM wins on cost |\n| **Bottom line** | | | |\n| Recommended for most users? | No — autofill absence is a dealbreaker for daily web login use | Yes — Bitwarden in particular covers the common case well | Direct most users to Bitwarden |\n\n**PAM shines when** the user wants zero cloud dependency; needs flexible record types for non-password data (medication lists, account numbers, notes, recipes); is comfortable managing files manually; or needs a fully auditable FOSS tool.\n\n## Records\n\nRecords composed of fields are a key concept in _PAM_ as described in\n[Reason 2: Record Model](#reason-2-record-model).\n\nThis section talks about how records are presented in _PAM_ using an\nexample with seven records that contain confidential information for\n\"Amazon\", \"Email\", \"Facebook\", \"Github\", \"Google\", \"Netflix\" and\n\"Stack Exchange\" fictional accounts from the [Load File](#load-file) example.\n\nSee the [Create New Record](#create-new-record) section for details about how to create\nrecords and the [Topics](#topics) and [Fields](#fields) sections for more details\nabout their contents.\n\n### Unexpanded View of all Records\nWe start with the unexpanded view of all records as shown below.\n\n\u003cimg src=\"www/help/pam-example-records.png\" width=\"400\" alt=\"example-records\"\u003e\n\n_PAM_ presents the records as an accordion. Each record\nis one entry in the accordion that you can expand to view the record fields\nor [delete](#delete-record), [deactivate](#deactivate-record), [clone](#clone-record) or\n[edit](#edit-record)\n the record.\n\nTo get the information for an account you click or tap the button.\n\nAt the top of the screen is the search bar and, at the far right, the\nmenu.\n\nAt the bottom of the screen is a status and controls section that shows status\nmessages. On the right side of the status and controls section are two buttons: the\ndark/light mode toggle and a **✨ Pwd Gen** button that opens a\nstandalone password generator. The standalone generator is useful when\ncreating a new account somewhere and you need a strong password before\nyou have a PAM record to attach it to. Click a generated password to\ncopy it to the clipboard, then paste it wherever you need it.\n\n### Expanded View of a Record\nOnce you click on or tap a record it expands as shown below where\nthe \"Facebook\" record was tapped.\n\n\u003cimg src=\"www/help/pam-record-expanded.png\" width=\"400\" alt=\"record-expanded\"\u003e\n\nYou can see that there are three fields in the record: \"url\", \"login\" and \"password\",\nnext to each field there is a icon that looks like a clipboard\n\u003cimg src=\"www/icons/blue/clipboard.svg\" height=\"32\" width=\"32\" alt=\"clipboard\"/\u003e.\n\n\u003cimg src=\"www/help/pam-record-expanded-fields.png\" width=\"400\" alt=\"record-expanded\"\u003e\n\nIf you click or tap the clipboard icon,\nthe field contents will be copied to the clipboard so that you can paste them into a login\ndialogue.\n\nIn addition to the clipboard icon there is another icon that looks like\nan eye\n\u003cimg src=\"www/icons/blue/eye.svg\" height=\"32\" width=\"32\" alt=\"eye\"/\u003e\nthat shows up for password field. If you click or tap it, the\npassword will be shown in plaintext and the icon will change to\nan eye with a slash through it\n\u003cimg src=\"www/icons/blue/eye-slash.svg\" height=\"32\" width=\"32\" alt=\"eye-slash\"/\u003e.\nBy default all passwords are hidden so that they are not visible to\ncasual observers. Click or tap it again to re-hide the password.\nPasswords are correctly copied to the clipboard at all times even\nwhen the password is hidden.\n\nIn addition there are three buttons at the bottom\n\"\u003cimg src=\"www/icons/blue/trash.svg\" height='32' width='32' alt='trash'/\u003e\u0026nbsp;Delete\" to delete the record,\n\"\u003cimg src=\"www/icons/blue/files.svg\" height='32' width='32' alt='files' /\u003e\u0026nbsp;Clone\" to clone the record and\n\"\u003cimg src=\"www/icons/blue/pencil-square.svg\" height='32' width='32' alt='pencil-square'/\u003e\u0026nbsp;Edit\" to edit the record fields.\n\nAs shown below.\n\n\u003cimg src=\"www/help/pam-record-expanded-fields2.png\" width=\"400\" alt=\"record-expanded\"\u003e\n\nThe fields _in_ records are completely customizable when you select the `\"Edit\"` option.\n\nFields are added _to_ the record by selecting a new field from the\n`\"New Record\"` drop down menu as shown below for the `\"Facebook\"`\nrecord but these fields can _also_ be changed.\nSee the [Custom Fields](#custom-fields)\nand [Field Types](#field-types) sections for details.\n\n\u003cimg src=\"www/help/pam-record-expanded-edit-facebook-new-field.png\" width=\"400\" alt=\"record-expanded\"\u003e\n\nFields are modified _in_ the record by editing them directly and they\nare deleted _from_ the record by clicking on the\n\u003cimg src=\"www/icons/blue/trash.svg\" height='32' width='32' /\u003e icon.\n\n\u003cimg src=\"www/help/pam-record-expanded-edit-facebook.png\" width=\"400\" alt=\"record-expanded\"\u003e\n\n## Topics\n\nTopics define how records are related. They provide a convenient\nabstraction for organizing related records in files. Topics are\ncompletely arbitrary. For example a topic could be something like\n_\"recipes\"_ or _\"accounts\"_ or _\"unidentified aerial phenomena\"_ or\n_\"my favorite cryptography algorithms\"_ or _\"green things\"_.\n\nOne way to use topics is to keep records related by a topic in separate\nfiles. For example, you could define a \"`recipes.txt`\" file for all of\nyour recipe records (topic: _\"recipes\"_ or _\"stuff to cook\"_) and an\n\"`accounts.txt`\" for your account records (topic: _\"accounts\"_).\n\nOr, you could completely disregard organizing by topics and put all of\nyour records into a single file like \"`myrecords.txt`\".\n\nNote the use of the \"`.txt`\" extension in the previous paragraphs.\nAlthough the \"`.pam`\" file extension is supported for record files\nand it works on laptops. It does not always work on mobile devices\nso a records file named \"`myrecords.pam`\" might not be readable\nby the mobile browser. Thus, I recommend using the \"`.txt`\" for all\nrecord files for maximum portability.\n\n## Fields\nRecords are composed of fields. Each field has a unique name, a type\nand a value.\n\nThe field _name_ is arbitrary and is meant to describes how the data in the\nfield is used. For example, an \"ingredients\" field would indicate that the value\nis a list of ingredients and a \"number\" field would indicate that the value\nis a number. An example of a field _name_ might be \"mobile phone\".\n\nThe field _type_ explicitly describes the type of data that field\nholds like a \"number\" or a \"phone\" or an \"email\". Types are\nbuilt in and strictly enforced by javascript.\n\nAn example of the difference between a _name_ and a _type_ would be a\nfield named \"mobile\" of type _phone_. The name describes _how_ it is\nused whereas the type describes _what_ the input type is which, in\nturn, dictates what user inputs are acceptable. A description of each\nbuilt in record field type can be found in the\n[Field Types](#field-types)\nsection.\n\nThe field _value_ is the unique value for the field in an individual\nrecord that is set when a field is created or edited. For example, an\nfield named \"email\" of type \"email\" could have a value \"wombat@foo.io\"\nthe _name_ and the _type_ could be the same for all records that had an \"email\"\nfield but the _value_ would vary.\n\nThe default record fields are the fields that are available in the\n`\"New Field\"` pull down menu when a record is created or edited. They\nare defined in the\n[Preferences](#Preferences)\nsection and they are stored in each records _file_ along with the\nrecords so each records file can have different default fields.\n\nFor example a file of recipe records would probably want fields of\ntype _\"textarea\"_ named \"ingredients\" and \"instructions\" but a file of\n_\"books read\"_ records probably would not. Instead it might want\n_\"text\"_ fields named \"author\" and \"publisher\" along with, possibly, a\nfield of type _\"number\"_ named \"copyright\".\n\nSee the [Record Fields](#record-fields) section for details about how\nto add or modify the default record fields in the preferences dialogue.\n\nThere is a second more obscure way to define field names. You can\nchange field names _when you create or edit an individual record_ by\nsetting the\n[Enable Editable Field Name](#enable-editable-field-name)\npreference.\n\nThis capability is _not_ enabled by default to avoid confusion between\nthe \"name\" input and the \"value\" input as shown below. Normally only\nthe \"value\" input is shown.\n\nTypically there is no reason to change record field names on a per\nrecord basis. It is better to add the new record fields to the default\nlist in the preferences.\n\n\u003cimg src=\"www/help/pam-change-field-name.png\" width=\"400\" alt=\"change-field-name\"\u003e\n\n### Field Types\n\nRecord field types define the type of each field that you define for a\nrecord. They are based on HTML _input_ element types except for the\n_\"textarea\"_ type which is a HTML _textarea_ element that is displayed\nas _preformatted_ text (\u0026lt;pre\u0026gt;\u0026lt;/pre\u0026gt;) and the _\"html\"_ type\nwhich is also a HTML _textarea_ type but is displayed as raw HTML so\nit can be used for inserting images. They are presented below as\nsimple types regardless of the underlying HTML element to avoid\nunnecessary complexity.\n\nYou can change, add or delete record field _names_ here if you wish to\ncustomize the user experience but you cannot change the built in\n_types_. For example, you change the record field name _\"note\"_ from a\n_\"textarea\"_ field to a _\"text\"_ but there is no way to add a new built in\ntype to the drop down list from the user interface.\n\nThese are the default field definitions.\n\n\u003cimg src=\"www/help/pam-default-record-fields.png\" width=\"400\" alt=\"default\"/\u003e\n\nThe table below presents a brief overview of the default record\nfields and their associated built in types and when to use them. You\ncan search the web for more details about\n[HTML input types](https://developer.mozilla.org/en-US/docs/Learn/Forms/HTML5_input_types).\n\n| Type | Usage |\n| ---- | ----- |\n| datetime-local | A datetime text string. Use it if you _only_ want to accept a datetime value. A typical usage might be the date that you finished reading a book. |\n| email | An email text string. Use it if you _only_ want to accept an email value. A typical usage might be the email address of a contact. |\n| html | Textarea data that is rendered directly as HTML. A typical usage might be to reference an image or to display formatted text. |\n| number | A numeric value (integer or decimal). PAM validates that the value is a valid number before saving — non-numeric input will be rejected with a clear error message. A typical usage might be a measurement like height or width or a copyright year. |\n| password | A secret text string that is normally displayed as asterisks (`****`) with an eye (\u003cimg src=\"www/icons/blue/eye.svg\" height=\"32\" width=\"32\" alt=\"eye\"/\u003e) button that can be clicked or tapped to show the value. |\n| phone | A phone number text string. Use it if you _only_ want to accept a phone number value. A typical usage might be a mobile phone number. |\n| text | A string, like a name or keyword. You can use this for any text but it is especially useful when a field can be multiple types like an email or a name. A typical usage might be a login name where the value might be a name like \"wiley\" or an email like \"wcoyote@acme.io\" or a number like \"12345678\". |\n| textarea | A multi-line text box. A typical usage might be a note or a list of recipe ingredients. |\n| url | A text string that is a uniform resource locator (URL). Use it if you _only_ want to accept a URL value. A typical usage might be the path to an account like `https://google.com` |\n| username | A username. This may be slightly different than a login because a login could be an email address but, in general, it probably makes more sense to user `login` rather than `username`. |\n\nRemember that the types were not made up by me, they were\ntaken directly from input element description\n[here](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input),\nthe separate textarea element is described\n[here](https://developer.mozilla.org/en-US/docs/Web/API/HTMLTextAreaElement).\n\n\n### Custom Fields\nIt is oftentimes the case that all of the _default_ record fields are\nnot needed for the records you are managing or you may want to define\nnew, custom fields that are more intuitive for your records. This\nsection shows you how to do that.\n\nHere is an example that shows a recipe record with \"ingredients\" and\n\"instructions\" fields.\n\n\u003cimg src=\"www/help/pam-ice-cream-sundae-open.png\" width=\"400\" alt=\"ice-cream-sundae-example\"\u003e\n\nHere is what the preferences look like after \"ingredients\" and \"instructions\" record fields\nhave been added and the previous default record fields other than _\"html\"_ have been pruned out.\n\n\u003cimg src=\"www/help/pam-recipe-prefs.png\" width=\"400\" alt=\"ice-cream-sundae-example-prefs\"\u003e\n\nHere is an example that shows an account record with \"url\", \"login\"\nand \"password\" record fields.\n\n\u003cimg src=\"www/help/pam-google-account.png\" width=\"400\" alt=\"google-account-example\"\u003e\n\nHere is what the preferences look like with the other fields pruned out.\nThe \"url\", \"login\" and \"password\" record fields are part of the default.\n\n\u003cimg src=\"www/help/pam-google-account-prefs.png\" width=\"400\" alt=\"google-account-example-prefs\"\u003e\n\nThis is what they will look like in the `\"New Record\"` pull down menu\nwhen creating or editing a record.\n\n\u003cimg src=\"www/help/pam-new-record-field-1-select.png\" width=\"400\" alt=\"new-record-field-1-select\"\u003e\n\n## Password Fields\n\nPassword fields are a special case for the following three reasons.\n\nFirst, they provide a generator that allows you to automatically\ncreate passwords at the click or tap of a button.\nFor information about preferences that can be used to customize\npassword generation see\n[Password Preferences](#password-preferences)\n\nSecond, they always hide the value by default so that it can be seen\nby someone observing your screen.\n\nAnd, finally, because they provide the ability to generate two\ndifferent types of passwords: cryptic and memorable.\n\n### Cryptic Passwords\nCryptic passwords consist of letters, digits and\nspecial characters.\n\nHere is an example: `'N5yAb!XfGa3vELPsK95K4/AAz8mts'`.\n\nCryptic passwords tend to be hard to memorize for most people.\n\nThey are perfect for cases where you don't have to type the\npassword in because they are hard to crack.\n\n### Memorable Passwords\nMemorable passwords are used to define passwords that must\nbe typed in manually, as described in the\n[Reason 4: Automatic Password Generation](#reason-4-automatic-password-generation)\nsection which means that it is important that they are secure, easy to\ntype and to remember.\n\nThey are composed of common lower case English words with an\noptional prefix, an optional separator between each word and an\noptional suffix. Often, the prefix and suffix are used to guarantee that the password\ncontains the correct mix of characters that the authentication system\nrequires, like, at least one capital letter, at least one digit and at\nleast one special character.\n\nThe security rationale for memorable passwords is described in this article:\n[The logic behind three random words](https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words).\n\nHere is an example: `'Z0/rebates/restructuring/jamaica??'` where the prefix is `'Z0/'`,\nthe separator is `'/'` and the suffix is `'??'`.\n\nMemorable passwords tend to be easier to memorize than cryptic\npasswords for most people.\n\n### Hidden Password Representation\nHere is an example that shows a password in its standard hidden form.\n\n\u003cimg src=\"www/help/pam-record-expanded-fields.png\" width=\"400\" alt=\"record-expanded\"\u003e\n\nTo make the password visible, click or tap on the\n\u003cimg src=\"www/icons/blue/eye.svg\" height=\"32\" width=\"32\" alt=\"eye\"/\u003e icon.\n\nThe password can be copied to the clipboard when it is hidden by\nclicking on the\n\u003cimg src=\"www/icons/blue/clipboard.svg\" height=\"32\" width=\"32\" alt=\"clipboard\"/\u003e\nicon.\n\n### Visible Password Representation\nHere is an example that shows a password in its visible hidden form.\n\n\u003cimg src=\"www/help/pam-record-expanded-password.png\" width=\"400\" alt=\"record-expanded-password\"\u003e\n\nThe password can be copied to the clipboard by clicking on the\n\u003cimg src=\"www/icons/blue/clipboard.svg\" height=\"32\" width=\"32\" alt=\"clipboard\"/\u003e\nicon.\n\nTo hide the password, click or tap on the\n\u003cimg src=\"www/icons/blue/eye-slash.svg\" height=\"32\" width=\"32\" alt=\"eye\"/\u003e icon.\n\n### Password Generator\nPAM has two password generators:\n\n1. **Record field generator** — opened by clicking the\n\u003cimg src=\"www/icons/blue/gear.svg\" height='32' width='32' /\u003e\nicon on a password field inside a record. The generated password is\ninserted directly into the field when you click it.\n\n2. **Standalone generator** — opened by clicking the **✨ Pwd Gen**\nbutton in the toolbar footer. Use this when you need a strong password\nfor a new account before you have created a PAM record for it. Click\nany generated password to copy it to the clipboard.\n\nBoth generators produce the same set of options: one cryptic password\nand five memorable passwords.\n\nThis is what the record field password dialogue looks like with no generator.\n\n\u003cimg src=\"www/help/pam-password-no-generator.png\" width=\"400\" alt=\"password-no-generator\"\u003e\n\nWhen you click or tap on the \u003cimg src=\"www/icons/blue/gear.svg\" height='32' width='32' /\u003e icon,\ncryptic and memorable passwords are generated and the password\ngenerator dialogue appears.\n\n\u003cimg src=\"www/help/pam-password-generator.png\" width=\"400\" alt=\"password-generator\"\u003e\n\nIt always generates five memorable passwords to provide\nchoices. I found that more useful than the original\nimplementation which only had a single choice.\n\n\u003e The decision to present five memorable passwords was completely\n\u003e arbitrary but it seems to work well enough for my needs and can easily be\n\u003e changed.\n\nClick or tap on the \u003cb\u003eRegenerate\u003c/b\u003e button to generate a new set of passwords.\n\nTo choose a generated password simply click or tap on it and it will\nbe added to the field value.\n\nSee the [Password Preferences](#password-preferences) section about\nhow to define the prefix and suffixes for memorable passwords.\n\n\n## Layout\n_PAM_ is a simple single page web application (SPA). It consists of three\nbasic parts: the menu and search section, the records section and the\nstatus and controls section.\n\nThe status and controls section (footer) contains the dark/light mode toggle buttons\non the left, a status message area in the center, and on the right a\n**✨ Pwd Gen** button for the standalone password generator. If the\nfile password cache strategy is set to `local`, a **⚠ PASS: LOCAL**\nwarning badge also appears on the right.\n\nIt looks something like this\n\n\u003cimg src=\"www/help/pam-basic-sections.png\" width=\"400\" alt=\"menu-bar\"\u003e\n\n### Menu and Search Section\nThe top section that contains a search input\nand a menu.\n\n#### Search\n\n_PAM_ allows you to search records by their title or their field\nnames and values to filter out records that do not match the search\npattern. This is extremely useful when the number of records\ngrows.\n\nThe search function at the top left supports case insensitive searches\nand regular expressions to make it easier to find records.\n\nThis can be very helpful for finding out where old\npasswords and obsolete accounts are still being used.\n\nHere is the made up list of account records from the [Load Files](#load-files) example:\n\n\u003cimg src=\"www/help/pam-search.png\" width=\"400\" alt=\"pam-search\"\u003e\n\nHere is the same list after filtering for those whose titles contain the\nletter `\"g\"`. Note that searches are case insensitive but you can change\nthat by unsetting the [Case Insensitive Searches](#case-insensitive-searches)\npreference.\n\n\u003cimg src=\"www/help/pam-search-g.png\" width=\"400\" alt=\"pam-search-g\"\u003e\n\nTo filter only those that start with `\"g\"` you\nwould use this regular expression search term instead: `\"^g\"`.\nwhich would result in only two records found.\n\nFor more information about regular expression syntax see the documentation\nfor [Javascript Regular Expressions](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions).\n\nFor more information about how you control the all of\nthe available search options see the\n[Search Preferences](#search-preferences)\nsection.\n\n#### Menu\n\nThe menu at the top right is the control center for the application it\nhas a number of options as you can see below. This is what it looks\nlike.\n\n\u003cimg src=\"www/help/pam-menu.png\" width=\"400\" alt=\"menu\"\u003e\n\nAs you can see, there are seven menu options:\n\n1. [About](#about)\n1. [Preferences](#preferences)\n1. [New Record](#create-new-record)\n1. [Clear Records](#clear-records)\n1. [Load File](#load-file)\n1. [Save File](#save-file)\n1. [Help](#get-help).\n\nClick or tap on the \"\u003cimg src=\"www/icons/blue/info-circle.svg\" height='32' width='32' /\u003e\u0026nbsp;About\"\nentry to see information about the app.\nSee the [About](#about) section for more details.\n\nClick or tap on the \"\u003cimg src=\"www/icons/blue/gear.svg\" height=' 32' width='32' /\u003e\u0026nbsp;Preferences\"\nentry to see the preferences dialogue which allows you\nto customize some of the app behavior. There is a lot of stuff so you might want\nto read the [Preferences](#preferences) section before trying it.\n\nClick or tap on the \"\u003cimg src=\"www/icons/blue/plus-circle-fill.svg\" height='32' width='32' /\u003e\u0026nbsp;New Record\"\nentry to create a new record.\nSee the [Create New Record](#create-new-record) section for more details.\n\nClick or tap on the \"\u003cimg src=\"www/icons/blue/trash3-fill.svg\" height='32' width='32' /\u003e\u0026nbsp;Clear Records\"\nentry to delete all of the records.\nThis is useful for times when you want to create a new collection of\nrecords that is saved in a separate file. For example, if you wanted\nto create a collection personal accounts in one file and a collection\nshared accounts for a group of folks (like a development team sharing\nAWS accounts).\n\nClick or tap on the \"\u003cimg src=\"www/icons/blue/file-arrow-up-fill.svg\" height='32' width='32' /\u003e\u0026nbsp;Load File\"\nentry to load a records file.\nSee the [Load File](#load-file) section for more details.\n\nClick or tap on the \"\u003cimg src=\"www/icons/blue/file-arrow-down-fill.svg\" height='32' width='32' /\u003e\u0026nbsp;Save File\" entry\nto save all of the records to a file.\nSee the [Save File](#save-file) section for more details.\n\nClick or tap on the \"\u003cimg src=\"www/icons/blue/question-circle.svg\" height='32' width='32' /\u003e\u0026nbsp;Help\"\nentry to see this help message.\n\n### Records Section\n\nUnderneath the top level bar, in the middle, is the records\nsection. Each record is shown as an entry that is displayed by its\ntitle. If you click or tap on the record title, the record will\nexpand to show the record contents (fields) and provide options for\ndeleting, cloning or editing the record contents.\n\nThis way of presenting the records is called an accordion display.\nBelow you can see how it expands after the \"Facebook\" entry has been\nselected.\n\n\u003cimg src=\"www/help/pam-record-expanded.png\" width=\"400\" alt=\"record-expanded\"\u003e\n\nThe expanded \"Facebook\" record has three fields: \"url\",\n\"login\" and \"password\".\n\n\u003cimg src=\"www/help/pam-record-expanded-fields.png\" width=\"400\" alt=\"record-expanded\"\u003e\n\nYou can copy the field values to the clipboard so that they can be\npasted into login forms.\n\n\u003e Note that the copy works for passwords whether the\n\u003e password is visible or not.\n\n\u003cimg src=\"www/help/pam-record-expanded-fields2.png\" width=\"400\" alt=\"record-expanded\"\u003e\n\nYou can also click or tap on the title of the opened record to close it.\n\nEach of the record management options is discussed in more detail in the\n[Functions](#functions) section.\n\n\n### Status and Controls Section\nBelow the records section, at the bottom, is the status and controls section where\nephemeral status messages are displayed. The messages disappear after\nabout 1.5 seconds but the duration is controlled by a preference that\nyou can set. See the [Preferences](#preferences) section for more\ninformation.\n\nThe status messages are used to provide activity feedback like showing\nhow many bytes were copied to a clipboard when a copy button is\nclicked or tapped as shown in the example below.\n\n\u003cimg src=\"www/help/pam-status-msg.png\" width=\"400\" alt=\"status-message\"\u003e\n\n## Menu Functions\nThe following sections will go over the basic menu functions that _PAM_\nprovides.\n\nIn a nutshell they are:\n\n1. [Display information About the application](#about)\n1. [Create New Record](#create-new-record)\n1. [Edit Record](#edit-record)\n1. [Delete Record](#delete-record)\n1. [Deactivate Record](#deactivate-record)\n1. [Clone Record](#clone-record)\n1. [Clear Records](#clear-records)\n1. [Save Records](#save-records)\n1. [Load Records](#load-records)\n1. [Help](#get-help).\n\nEach function will be discussed in a separate subsection below.\n\nNote that Preferences were not included because they have their own\ntop level section in this document.\n\n### About\n\nclick or tap on the \"About\" menu entry to get information about _PAM_.\nYou can even add custom HTML through the preferences that is stored\nfor each _PAM_ file.\n\nHere is a screen shot of what you would normally see with no customization.\nOf course details will vary, like the Commit, Branch or Version fields.\n\n\u003cimg src=\"www/help/pam-about.png\" width=\"400\" alt=\"about\"\u003e\n\nHere is the \"About\" dialogue with a simple custom message that uses\nbootstrap formatting classes.\n\n\u003cimg src=\"www/help/pam-about-custom.png\" width=\"400\" alt=\"about-custom\"\u003e\n\nCustom messages are defined in the \"Custom About\" field in the\n[Preferences](#preferences)\nas shown below. You can used plain HTML or bootstrap 5 classes (as\nshown in this example).\n\n\u003cimg src=\"www/help/pam-about-custom-pref.png\" width=\"400\" alt=\"about-custom-pref\"\u003e\n\nThe motivation for allowing custom messages is that someone might want\nto share a _PAM_ file or describe how the records are related. The\ncustom message would allow the person to provide their _imprimatur_ on\nthe collection.\n\n### Create New Record\n\nBefore reading this section, please make sure that you are familiar\nwith the ideas covered in the [Topics](#topics), [Fields](#fields) and\n[Password Fields](#password-fieldds) sections.\n\nCreating a new record is a very common activity in _PAM_ so I tried to\nmake it as easy as possible.\n\nThere are three different methods you can use to create new records:\n\n1. A record can be created in the application by clicking or tapping the \"New Record\" menu option,\n2. A record can be created in the application by cloning an existing record or\n3. A record can be created outside of the application by editing a JSON record file.\n\nEach method is discussed in detail in the following subsections.\n\n#### Method 1: Menu Approach\n\nThe first method, creating the record by clicking or tapping the \"New\nRecord\" menu option in the application, is probably the best way to\ncreate the first new record for a topic family. This is also known as\nthe \"menu\" approach and is shown below.\n\n\u003cimg src=\"www/help/pam-create-new-record.png\" width=\"400\" alt=\"new-rec\"\u003e\n\nTo show how it works, we will create a recipe record using\n\"ingredients\" and \"instruction\" fields. But first we need to define\nthem as default _\"textarea\"_ fields in the [Preferences](#preferences)\ndialogue. So the available records look like this.\n\n\u003cimg src=\"www/help/pam-recipe-prefs.png\" width=\"400\" alt=\"default\"/\u003e\n\nTo create a new record using the menu approach click or tap on the\n`\"New Record\"` option from the menu.\n\n\u003cimg src=\"www/help/pam-new-record-menu.png\" width=\"400\" alt=\"new-record\"\u003e\n\nThat will popup a dialogue that looks like this.\n\n\u003cimg src=\"www/help/pam-new-record.png\" width=\"400\" alt=\"new-record\"\u003e\n\nYou can now type in the record title.\n\n\u003cimg src=\"www/help/pam-new-record-title.png\" width=\"400\" alt=\"new-record\"\u003e\n\nFrom there you click or tap on the `\"New Field\"` pulldown to select\nand create the first record field. Don't worry if you select the wrong\none, they are easy to delete.\n\nHere is where you select \"ingredients\" for the first field.\n\n\u003cimg src=\"www/help/pam-new-record-field-1-select.png\" width=\"400\" alt=\"new-record-field-1-select\"\u003e\n\nPopulate it by typing into the _\"textarea\"_ box.\n\n\u003cimg src=\"www/help/pam-new-record-field-1.png\" width=\"400\" alt=\"new-record-field-1\"\u003e\n\nNow do the same thing to create an \"instructions\" field.\n\n\u003cimg src=\"www/help/pam-new-record-field-2.png\" width=\"400\" alt=\"new-record-field-2\"\u003e\n\nOne interesting thing to understand is that you can _change the order\nof the fields_ by dragging them up or down. To do that select the\nfield title at the top of the box (fieldset) and move it. This can\nalso be done when editing the record.\n\nHere is what it looks like when I dragged the \"instructions\" field up.\n\n\u003cimg src=\"www/help/pam-new-record-drag.png\" width=\"400\" alt=\"new-record-drag\"\u003e\n\nI then dragged \"instructions\" field back down because it should appear after\n\"ingredients\" field.\n\nWhen you are finished click or tap on the `\"Save\"` button to save it and you\nwill see it show up as a new record in the records part of the screen.\n\n\u003cimg src=\"www/help/pam-new-record-done.png\" width=\"400\" alt=\"new-record-done\"\u003e\n\nYou can click or tap on the record to expand it and see the fields you just defined.\n\n\u003cimg src=\"www/help/pam-new-record-done-expand.png\" width=\"400\" alt=\"new-record-done-expand\"\u003e\n\n#### Method 2: Clone Approach\n\nThe second method, creating a record by cloning an existing record, is\nuseful when you want to use the same fields as the existing record. It\nis a great way to guarantee uniformity. Although if the number of\nfields is small using the first method is also fine. Here is what\nthe clone option looks like.\n\n\u003cimg src=\"www/help/pam-clone-google.png\" width=\"400\" alt=\"clone-rec\"\u003e\n\nCloning a record is simple. Just expand a record and click or tap on the clone button\nand an edit dialogue pops up.\n\nUsing the record that was created in the previous section here is what happens when\nyou click or tap the `\"Clone\"` button.\n\n\u003cimg src=\"www/help/pam-clone-record-popup.png\" width=\"400\" alt=\"clone-record-popup\"\u003e\n\nThe clone operation created a new record with a\nslightly modified title \"Ice Cream Sundae Clone\" _because the record\ntitle must be unique_ and the same fields as the original record.\n\nAt this point you would typically change the title and field values\nbut for this demonstration will not do anything. _PAM_ makes sure that\nthe title is unique so it can be saved.\n\nClick or tap the `\"Save\"` button and you will see this.\n\n\u003cimg src=\"www/help/pam-clone-records-1.png\" width=\"400\" alt=\"clone-records-1\"\u003e\n\n_PAM_ still remembers that you had the original record\nopen. Just below it you will see the new cloned record.\n\nThe reason that the original record is left open is so that it is easy\nto continue clicking or tapping the `\"Clone\"` button to create more\nrecords.\n\nIn this case we only care about one record so you can click\nor tap on the new record to expand it.\n\n\u003cimg src=\"www/help/pam-clone-records-2.png\" width=\"400\" alt=\"clone-records-1\"\u003e\n\n#### Method 3: JSON Approach\n\nThe third method, creating a record by editing a JSON record file, is most\nuseful if you are interested in creating records programmatically\n(perhaps a subset of accounts that shared with a small group of users\nthat is automatically generated from a database). The example records\nand recipes example files that are available in the \"Load\" dialogue\nare a great place to start.\n\nThis approach does not have any screenshots because it deals with\n_PAM_ internals and may change from time to time. Instead a set of instructions\nis provided that should allows you to figure it out pretty easily.\n\n1. Create one record using the menu approach or use one the examples from the \"Load\" dialogue.\n2. Save the record to a file _without a password_.\n Normally this is a very bad idea because it could expose your data\n to a hacker so take precautions to protect the file.\n3. Look at the \"records\" section of the file and use that as a template\n to create more records.\n4. When you have finished adding the new records into the file,\n save the changes and then re-load the file in _PAM_.\n5. Then save it again _with a password_.\n\nThe reason that this has to be done without a password is because\nediting an encrypted file directly is not practical. If you need to\nencrypt or decrypt a PAM file from the command line, see\n[Decrypting and encrypting PAM files from the command line](#decrypting-and-encrypting-pam-files-from-the-command-line).\n\n\u003cdetails\u003e\n\u003csummary\u003eClick here to see an example javascript file\u003c/summary\u003e\n\nBeware! That the format of this record may change. This is just an\nexample that shows how simple the format is.\n\n```javascript\n{\n \"meta\": {\n \"date-saved\": \"2022-05-01T20:50:29.125Z\",\n \"format-version\": \"1.0.0\"\n },\n \"prefs\": {\n \"passwordRangeLengthDefault\": 20,\n \"passwordRangeMinLength\": 12,\n \"passwordRangeMaxLength\": 32,\n \"memorablePasswordWordSeparator\": \"/\",\n \"memorablePasswordMinWordLength\": 2,\n \"memorablePasswordMinWords\": 3,\n \"memorablePasswordMaxWords\": 5,\n \"memorablePasswordMaxTries\": 10000,\n \"clearBeforeLoad\": true,\n \"loadDupStrategy\": \"ignore\"\n },\n \"records\": [\n {\n \"title\": \"Amazon\",\n \"fields\": [\n {\n \"name\": \"url\",\n \"type\": \"url\",\n \"value\": \"https://www.amazon.com\"\n },\n {\n \"name\": \"username\",\n \"type\": \"text\",\n \"value\": \"pbrain22@protonmail.com\"\n },\n {\n \"name\": \"password\",\n \"type\": \"password\",\n \"value\": \"hr5Hn9pqm3u.VqMiALfdN-\\\"\"\n },\n {\n \"name\": \"note\",\n \"type\": \"textarea\",\n \"value\": \"Lorem ipsum dolor sit amet, consectetur adipiscing elit.\\nCras sodales elit in metus tempus, ut semper magna finibus.\\nDonec aliquam elementum velit quis pharetra.\\nPellentesque accumsan neque ut massa elementum mollis.\\nNulla eget pellentesque est.\"\n }\n ]\n },\n {\n \"title\": \"Email pbrain22@protonmail.com\",\n \"fields\": [\n {\n \"name\": \"url\",\n \"type\": \"url\",\n \"value\": \"https://mail.protonmail.com/inbox\"\n },\n {\n \"name\": \"login\",\n \"type\": \"text\",\n \"value\": \"pbrain22\"\n },\n {\n \"name\": \"password\",\n \"type\": \"password\",\n \"value\": \"rHfZ6bihw$g8ra$P4hHD\"\n }\n ]\n },\n {\n \"title\": \"Facebook\",\n \"fields\": [\n {\n \"name\": \"url\",\n \"type\": \"url\",\n \"value\": \"https://facebook.com\"\n },\n {\n \"name\": \"login\",\n \"type\": \"text\",\n \"value\": \"pbrain22@gmail.com\"\n },\n {\n \"name\": \"password\",\n \"type\": \"password\",\n \"value\": \"dOa#DirgJge67okTKtEzp.LSl\"\n }\n ]\n },\n {\n \"title\": \"GitHub\",\n \"fields\": [\n {\n \"name\": \"url\",\n \"type\": \"url\",\n \"value\": \"https://github.com\"\n },\n {\n \"name\": \"login\",\n \"type\": \"text\",\n \"value\": \"pbrain22\"\n },\n {\n \"name\": \"password\",\n \"type\": \"password\",\n \"value\": \"Aq7GdcOmYWVkyHEWEk6fBeJzm\"\n }\n ]\n },\n {\n \"title\": \"Google\",\n \"fields\": [\n {\n \"name\": \"url\",\n \"type\": \"url\",\n \"value\": \"https://google.com\"\n },\n {\n \"name\": \"login\",\n \"type\": \"text\",\n \"value\": \"pbrain22@gmail.com\"\n },\n {\n \"name\": \"password\",\n \"type\": \"password\",\n \"value\": \"NIJMeb8OfXEfshOG$db!\"\n },\n {\n \"name\": \"note\",\n \"type\": \"textarea\",\n \"value\": \"This is my primary email address.\\nsecurity question:\\n\u003e what is a photon? gauge-boson\"\n }\n ]\n },\n {\n \"title\": \"Netflix\",\n \"fields\": [\n {\n \"name\": \"url\",\n \"type\": \"url\",\n \"value\": \"http://netflix.com\"\n },\n {\n \"name\": \"login\",\n \"type\": \"text\",\n \"value\": \"pbrain22@gmail.com\"\n },\n {\n \"name\": \"password\",\n \"type\": \"password\",\n \"value\": \"cGwJ$NPQ4SsI#haEsFRD\"\n }\n ]\n },\n {\n \"title\": \"StackExchange (StackOverflow)\",\n \"fields\": [\n {\n \"name\": \"url\",\n \"type\": \"url\",\n \"value\": \"https://stackoverflow.com\"\n },\n {\n \"name\": \"login\",\n \"type\": \"text\",\n \"value\": \"pbrain22@gmail.com\"\n },\n {\n \"name\": \"password\",\n \"type\": \"password\",\n \"value\": \"FpnzQcuq0nk/PxlMdYJ_itnK\"\n }\n ]\n }\n ]\n}\n```\n\n\u003c/details\u003e\n\n### Edit Record\nTo edit a record, select it from the records list and click or tap on the `\"Edit\"` button\nto popup the edit dialogue _which is exactly the same_ as the dialogue used to\ncreate a new record.\n\nIn fact, it is implemented using the _same code_ so you can use the\ninstructions from the [Create New Record](#create-new-record) section to\nunderstand how to change or add new fields.\n\n### Delete Record\nTo delete a record, select it from the records list and click or tap on the `\"Delete\"` button.\n\n_PAM_ will ask you to confirm before deleting the record. Click `OK` to confirm or `Cancel` to keep the record.\n\n**Beware the record is deleted permanently and cannot be recovered once confirmed!**\n\n### Deactivate Record\nTo deactivate a record click on the Active checkbox to make the record inactive.\nInactive records are considered deactivated.\n\nDeactivated records are the same as deleted records because they do not show up in the\nrecords list but they can always be recovered by going to\n[Preferences](#Preferences)\nand unchecking the\n[Hide Inactive Records](#hide-inactive-records)\nentry.\nEach deactivated record will be labeled with\na \u003csmall\u003e*INACTIVE*\u003c/small\u003e prefix.\n\n### Clone Record\nTo clone a record, select it from the records list and click or tap on the `\"Clone\"` button.\nThis will create a new record that you can edit.\n\nThe clone operation is described in detail in the\n[Create New Record](#create-new-record) section\nunder the [Method 2: Clone Approach](#method-2-clone-approach)\nsubsection.\n\n### Clear Records\nClear all of the records currently defined.\n\nThis is normally done automatically when a new file is loaded but\ncould be useful if you want to enter new a set of records from scratch\nusing the currently defined fields. Of course, you could simply delete\nall of the records manually but this is simpler.\n\nTo clear all records choose the\n\"\u003cimg src=\"www/icons/blue/trash3-fill.svg\" height='32' width='32' /\u003e\u0026nbsp;Clear Records\"\noption from the menu. See the [Menu](#menu) section for screenshots.\n\nThis option will ask you to confirm.\n\n### Save File\nTo save records and preferences to a file by choose the\n\"\u003cimg src=\"www/icons/blue/file-arrow-down-fill.svg\" height='32' width='32' /\u003e\u0026nbsp;Save File\"\noption from the menu. See the [Menu](#menu) section for screenshots.\n\nThis is the save file dialogue.\n\n\u003cimg src=\"www/help/pam-file-save.png\" width=\"400\" alt=\"file-save\"\u003e\n\nIf you want the records to be encrypted, enter or generate a password\nas described in [Password Generator](#password-generator) section.\n\nIf you want to copy the records to the clipboard enter a dot `\".\"`\nas the filename.\n\nMake sure that you do not forget this password. It is the _master_\npassword this is used to unlock all of the records and _PAM_\ndoes _not_ keep track of it. That means that if the password is lost,\n_PAM_ cannot recover the data it is lost forever.\n\nMore details about the encryption algorithm used can be found in\n[Reason 6: Secure Context Encryption](#reason-6-secure-context-encryption).\n\nNote that if you do not enter a password, the output will be plain\njavascript that can be read by anyone.\n\nPlain javascript is _NOT_ secure.\n\nIf you have records with passwords _ALWAYS_ use a password unless you\nunderstand the consequences. For example, saving the data without a\npassword can sometimes be convenient because it allows you to see how\nthe _PAM_ data is organized which can aid automation.\n\n### Load File\nTo load records and preferences from a file by choose the\n\"\u003cimg src=\"www/icons/blue/file-arrow-up-fill.svg\" height='32' width='32' /\u003e\u0026nbsp;Load File\"\noption from the menu. See the [Menu](#menu) section for screenshots.\n\nThis is the load file dialogue.\n\n\u003cimg src=\"www/help/pam-file-load.png\" width=\"400\" alt=\"file-load\"\u003e\n\nIf the file was saved with a password, you must enter that password or\nthe file will prompt for the password when loading.\n\n##### Load Example Records\nIf you wish to load the example records file, click or tap on the\n\"Load Example Records\" button (#1) to load the following example\nrecords that can be used to get you started.\n\n\u003cimg src=\"www/help/pam-example-records.png\" width=\"400\" alt=\"file-load-example-records\"\u003e\n\n##### Load Example Recipe\nIf you wish to load the example recipes file, click or tap on the\n\"Load Example Recipes\" button (#2) and PAM will load this.\n\n\u003cimg src=\"www/help/pam-ice-cream-sundae-open.png\" width=\"400\" alt=\"ice-cream-sundae-example\"\u003e\n\n##### Load Records from URL\nClick or tap on the \"Load Records from URL\" button (#3) to load a\nfile from the web.\n\nThis is typically used when a PAM records file is shared because\nno changes can be made.\n\n##### Paste Records from Clipboard\nClick or tap on the \"Paste Records from Clipboard\" button (#4) to\npaste records from the clipboard.\n\nThis is typically used when records are copies to the clipboard\nfrom a save operation or manually after editing.\n\n### Get Help\nTo get this help message, choose the `\"Help\"` option from the menu.\n\nIf you find a bug or want to request a change or submit an improvement,\ngo to the [Metadata section](#pam---personal-account-manager) at the top of\nthis help and click or tap on the project link.\n\n\n\n## Preferences\nPreferences allow you to customized the behavior of the app.\nThe defaults are set so that most people will never have to change anything.\n\nThe preferences dialogue is a big one. It is broken into 4 sections\nto make it easier to understand:\n\n1. Search - preferences that control searches.\n1. Passwords - preferences that control password creation and length.\n1. Miscellaneous - preferences for other stuff.\n1. Record Fields - the definitions of the available fields.\n\nEach preference is discussed in more detail in the subsections below.\n\n### Search Preferences\n\u003cimg src=\"www/help/pam-prefs-search.png\" width=\"400\" alt=\"pam-prefs-search\"\u003e\n\nThese preferences control search options.\nSee the [Search](#search) section for an example.\n\n#### Case Insensitive Searches\nIf enabled, all searches are case insensitive, otherwise they are case sensitive.\n\nThe default is enabled.\n\n#### Search Record Titles\nIf enabled, all searches look at the record titles, otherwise they do not.\n\nThe default is enabled.\n\n#### Search Record Field Names\nIf enabled, all searches look at the record field names, otherwise they do not.\n\nThe default is not enabled.\n\nYou would want to enable this you wanted to see records that contained a specific field.\n\n#### Search Record Field Values\nIf enabled, all searches look at the record field values, otherwise they do not.\n\nThe default is not enabled.\n\nYou would want to enable this you wanted to see records that contained a specific field\nvalue like an obsolete email or really old password.\n\n### Hide Inactive Records\nEach record in PAM allows you to set it as Active or Inactive.\nInactive records are also called deactivate.\n\nIf this checkbox is set those inactive records invisible.\n\nWhen disabled this checkbox allows you to view all of the inactive records.\n\nNote that each inactive record will have a \u003csmall\u003e*INACTIVE*\u003c/small\u003e prefix.\n\n### Password Preferences\n\u003cimg src=\"www/help/pam-prefs-password.png\" width=\"400\" alt=\"pam-prefs-password\"\u003e\n\nThese preferences control automatic password creation.\n\nFor more information about passwords see [Password Fields](#password-fields)\n\n#### Minimum Password Length\nDefines the minimum length of generated cryptic and memorable passwords.\n\nThe default is 12.\n\nI would recommend not making it shorter than the default unless a website\nspecifically demands it because shorter passwords are easier to crack.\n\n#### Maximum Password Length\nDefines the minimum length of generated cryptic and memorable passwords.\n\nThe default is 32.\n\nI would recommend making it longer than the default if you can but many\nwebsites have an upper bound for the length of password.\nThe chosen default seems to work for most of them.\n\n#### Memorable Password Min Word Length\nDefines the minimum size of a word in a generated memorable password.\n\u003e It has no affect on cryptic passwords.\n\nThe default is 2.\n\nIf you do not want short words like `'as'` or `'it'`, then make this longer.\nI would not recommend making it shorter.\n\n#### Memorable Password Word Separator\nThe string used to separate the words in a generated memorable password.\n\n\u003e It has no affect on cryptic passwords.\n\nThe default is a single character: `'/'`.\n\nIf you want to change the character, add any string that you like. It can be multiple\ncharacters.\nOther reasonable choices might be `':'` or `'.'` or `'@@'` or whatever you like.\nIt is best not to use letters.\n\n#### Memorable Password Min Words\nThe minimum number of words in a generated memorable password.\n\n\u003e It has no affect on cryptic passwords.\n\nThe default is 3.\n\n#### Memorable Password Max Tries\nThe maximum number of attempts to generate a memorable password\nthat meets the specified criteria from the other password preferences.\n\n\u003e It has no affect on cryptic passwords.\n\nThe default is 10000.\n\nThere is normally no need to ever change this but, if you change it\nand make it too small, _PAM_ will report errors if it fails to\ngenerate passwords after the maximum number of tries.\n\n#### Memorable Password Prefix\nThe prefix to add to all generated memorable passwords.\n\nThe default is `''` (empty string).\n\nYou might want to add a prefix or suffix to make sure that the\ngenerated passwords meet the requirements of websites that require\nupper case letter, digits and special characters.\n\nFor example, you might specify something like `'A1!!/'` to meet the\ncriteria which might create passwords like\n`'A1!!/html/wishes/combined'` or `'A1!!/rebates/restructuring/jamaica'`.\n\n#### Memorable Password Suffix\nThe suffix to add to all generated memorable passwords.\n\nThe default is `''` (empty string).\n\nYou might want to add a prefix or suffix to make sure that the\ngenerated passwords meet the requirements of websites that require\nupper case letter, digits and special characters.\n\nFor example, you might specify something like `'/A1!!'` to meet the\ncriteria which might create passwords like\n`'html/wishes/combined/A1!!'` or `'rebates/restructuring/jamaica/A1!!'`.\n\n### Miscellaneous Preferences\n\u003cimg src=\"www/help/pam-prefs-miscellaneous.png\" width=\"400\" alt=\"pam-prefs-miscellaneous\"\u003e\n\nThese are the preferences that didn't fall into the other categories.\n\n#### Log Status to the Console\nLog status messages to the console as well as the screen to aid\ndebugging.\n\nThe default is false which says do not log status messages to the\nconsole.\n\nYou might want to enable console logging if you are debugging a\nproblem and are working in a browser that supports debugging.\n\n#### Clear Records On Load\nClear all records before loading records from a file.\n\nThe default is true which says to clear the records before a loading\nnew records from a file.\n\nIf you set this to false, another option titled \"Load Duplicate Record\nStrategy\" will appear that is not normally visible to ask you with\nstrategy you want to used for conflicts.\n\nYou might set this preference to false if you want to to merge sets of records\nfrom different files.\n\n#### Enable Printing\nClick this to add the Print option to the menu.\n\nThis is what the enable printing preference looks like in the preferences dialogue.\n\n\u003cimg src=\"www/help/pam-prefs-enable-printing-check.png\" width=\"400\" alt=\"pam-prefs-enable-printing-check\"\u003e\n\nOnce it is enabled, the \"Print\" option will appear at the bottom of\nthe menu as shown below.\n\n\u003cimg src=\"www/help/pam-prefs-enable-printing-menu.png\" width=\"400\" alt=\"pam-prefs-enable-printing-menu\"\u003e\n\nWhen you click on \"Print\", PAM will open a print-ready document showing\nall visible records with passwords in plain text, formatted as a compact\ntwo-column card layout suitable for estate planning. This is what it\nlooks like for the example records.\n\n\u003cimg src=\"www/help/pam-prefs-enable-printing-example.png\" width=\"400\" alt=\"pam-prefs-enable-printing-example\"\u003e\n\nThis capability is useful if you want a paper copy of your records but\nit is a security risk. If you choose to enable this option, make sure\nthat the paper copy is stored securely.\n\nDisable this option (the default) if you intend to share PAM records\nwith multiple users from a read-only URL.\n\n\n#### Load Duplicate Record Strategy\nThis preference is not visible unless the \"Clear Records On Load\" preference is false.\n\nIt presents three strategies for handling duplicate records during a load operation: \"allow\",\n\"ignore\", \"replace\".\n\nThe \"allow\" strategy allows duplicate records to exist by cloning them. For example\nif a record with the title \"Google\" exists in the records and in the file being loaded,\nthe record from the file would be renamed to \"Google Clone\".\n\nThe \"ignore\" strategy ignores the duplicate record that is being loaded.\nIf there is a conflict it prefers the one already present.\n\nThe \"replace\" strategy ignores the duplicate record that already exists.\nIf there is a conflict it prefers the record being loaded.\n\n#### Clone Field Values when Cloning Records\nThis preference specifies that all data is kept when cloning a record.\n\nRemember that cloning a record is very simple and powerful way to\ncreate new records with the same fields but you have to delete the\nexisting values before entering new ones which is very simple.\n\nThe default is false which says to keep the field values when cloning.\n\nSet this preference if you want to avoid deleting the fields manually.\n\n#### Require Record Fields\nThis determines whether a record can be created with no fields.\n\nIf it is true, then a new record must have a least one field defined.\n\nThe default is false which means that records can be created with no\nfields so that records.\n\n#### Enable Editable Field Name\nThis preference defines whether or not the user can change a field\nname on a _per record_ basis.\n\nSetting this preference is not recommended because the presence of the\n\"name\" input can be confusing for users, a better approach is to\nsimply add a new field to the default fields in the preference section\nas described in the\n[Fields](#fields)\nsection.\n\n##### Not Enabled\nThis is what it looks likes when it is unchecked (false).\n\n\u003cimg src=\"www/help/pam-fld-name-edit-unchecked.png\" width=\"400\" alt=\"false\"/\u003e\n\n\u003cimg src=\"www/help/pam-fld-name-edit-off.png\" width=\"400\" alt=\"false\"/\u003e\n\nWhen this is not enabled, the user can only choose record fields from\nthe \"Record Fields\" section of the preferences. See the\n[Record Fields](#record-fields) section for more details.\n\n##### Enabled\nThis is what it looks likes when it is checked (true).\n\n\u003cimg src=\"www/help/pam-fld-name-edit-checked.png\" width=\"400\" alt=\"false\"/\u003e\n\n\u003cimg src=\"www/help/pam-fld-name-edit-on.png\" width=\"400\" alt=\"true\"/\u003e\n\nThe user can replace the default field name (in this case \"name\") with\nwhatever they want, perhaps something like \"full name\" or \"first name\"\nor \"last name\". The \"value\" field is where the name is actually\nentered.\n\n#### filePass Cache Strategy\n\nThis defines the browser cache strategy for the file password.\nThe options are `none`, `global`, `local` and `session`.\n\nThe `none` option means that the file password is never stored.\nThe file password is _not_ remembered for the file load and save operations.\nEach time you load or save a file you must re-enter it.\n\nThe `global` option means that the file password is stored in a global window\nsession variable.\nThe file password is remembered for the file load and save operations.\nIt is remembered until the browser tab is closed.\n\nThe `local` option means that the file password is stored in `localStorage`.\nThe file password is remembered across sessions and power cycles until\nexplicitly cleared. This is convenient for personal use but is a security\nrisk on shared devices. A **⚠ PASS: LOCAL** warning badge appears in the\ntoolbar while this is active.\n\nThe `session` option (default) means that the file password is stored in\n`sessionStorage`. The file password is remembered for the file load and save\noperations. It is remembered until the browser tab is closed.\n\nYour chosen strategy is stored per-device in `localStorage` under the key\n`pamCacheStrategy` and is restored automatically each time PAM starts,\nindependently of the PAM file.\n\n#### Custom About\nCustomized HTML that is added to the about page. It can be used\nin cases where the field records have been customized to provide\nan explanation or link to internal documentation.\n\nIts use is described in the [About](#about) section.\n\n### Record Fields\nThese are the default record fields that are used when creating or\nediting record fields. They can be can be changed.\n\nSee the [Fields](#fields) section for more information about record\nfields.\n\nAt the top of the section there is\n\u003cimg src=\"www/icons/blue/plus-circle.svg\" height=\"32\" width=\"32\" alt=\"add\"/\u003e\nicon that is used to create a new record field.\n\nEach default record field has a name, a type (from a pulldown menu) and\na delete button (\u003cimg src=\"www/icons/blue/trash3-fill.svg\" height=\"32\" width=\"32\" alt=\"trash\"/\u003e)\nthat you click to delete the record field.\n\nThe record field names must be unique but you can modify them.\nThey are stored with the each record file individually.\n\nThis is what the default records filed preference dialogue looks like.\n\n\u003cimg src=\"www/help/pam-default-record-fields.png\" width=\"400\" alt=\"default\"/\u003e\n\n### Saving Preferences\nYou _must_ scroll to the bottom of the dialogue and\nclick on the `\"Save\"` button at the end to save changes.\nIf you do not, any changes you made will be lost.\n\n## Security Considerations\n_PAM_, like all web applications, has security challenges. By\nfully disclosing them here you can understand the challenges\nand improve your ability to protect your record data.\n\n### MITM\nMITM refers to \"Monster In The Middle\" attacks or, historically, \"Man\nIn The Middle\" attacks. It an attack where a hostile eavesdropper\ninserts themselves in the communications stream between a client and a\nserver to capture or alter the communications for nefarious purposes\nlike stealing credentials.\n\n_PAM_ is not susceptible to this attack because it _does not\ncommunicate with a server_. That is because it is a single page web\napplication that is downloaded and run within your browser. All data\nis local. Nothing is ever transferred over the internet for an\neavesdropper to capture.\n\n### Third Party Web Site Security\nThird party web site security can be a major source of cybersecurity\nvulnerabilities because clients cannot know how well such\ncybersecurity vulnerabilities are mitigated unless that site publishes\na detailed report, on a periodic basis, of how often they were attacked\nsuccessfully and how many attacks they have successfully fended off.\n\nSadly, most companies do not provide that information. If you are\nusing a password manager or any other service that uses a server, you\nmight want to consider asking them how vulnerable they are to\ncyberattacks. At a minimum, you will want to understand what is done\nto protect your data from insider attacks where an employee steals the\ndata.\n\nSometimes you can get information about the security of a\nsite by looking at Common Vulnerability and Exposures (CVE) reports.\nSee [https://www.cve.org/](https://www.cve.org/) for more information.\n\n\u003e Poor reporting of third party web site cybersecurity vulnerabilities\n\u003e and exposures was one thing that motivated me to write _PAM_.\n\nBecause _PAM_ does not send the data to a server, it is not vulnerable\nto how cybersecurity is managed on the server by a third party.\n\n\u003e You can verify that _PAM_ is not sending data out by monitoring\n\u003e outbound traffic from your system. _PAM_ never sends any outbound\n\u003e data.\n\n_PAM_ encryption and decryption operations are provided by and run\n_inside_ the _secure context_ of the browser. This is the same _secure\ncontext_ used for accessing sites securely for transactions, like your\nbank. In practice this means that you must access _PAM_ from an HTTPS site.\n\nThe safety and security of _secure context_ operations is taken very\nseriously by the internet standards organization and the organizations\nthat develop the major browsers.\n\nYou can read more about secure contexts\n[here](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts)\nand in [Reason 6: Secure Context Encryption](#reason-6-secure-context-encryption).\n\n### Site Reliability\nAlthough it is not an attack vector _per se_, site reliability is\nanother consideration when choosing a web application because a\ndistributed denial of service (DDoS) attack on the site or a power\nfailure at the site could make it unusable.\n\nFortunately, most modern web applications are built using commercial\ncloud software as a service (SaaS) and infrastructure as a service\n(IaaS) products from vendors like AWS, Azure and GCP so they tend to\nbe _very_ reliable but it is still something to be aware of because if\nthe site or the gateway to the site goes down so does the web\napplication.\n\n_PAM_, is hosted and served from _github.io_ which also appears to be very\nreliable but if you are concerned, you can host it wherever you like.\nAlso _PAM_ does not do any backend server communication (as mentioned earlier)\nso it will like continue to run even if the site goes down temporarily\nbecause, once it is loaded, it will stay resident until you close the\nbrowser tab.\n\nAnother thing to consider is where you store your _PAM_ record\nfile(s). I use iCloud which is also quite reliable and allows access to\niCloud files directly from my computers, mobile devices and tablets.\n\nJust make sure that whichever infrastructure as a service (IaaS)\noffering you choose it is reliable as well because you don't want to\nlose access to your file because the IaaS service is not available.\n\nOf course you could simply load and save the data to a local file but\nthat might restrict access to it from other devices (like mobile\nphones or tables) and you would have to be very diligent about keeping\nit backed up.\n\n### Over the Shoulder Surfing Attack\nThe user enters the record data in decrypted form, so it may be\nvulnerable to over the shoulder surfing attacks where someone or\nsomething (like a camera) watches or films the user typing or opening\na record and then clicking or tapping on a password field to display\nthe password in plaintext which could allow that information to be\nstolen.\n\nThis vulnerability can be mitigated by being aware of your\nsurroundings to make sure you are not being watched or filmed.\n\n\u003e This is different and easier to mitigate than \"key-logging and screen\n\u003e recording\" as discussed in the next subsection.\n\n### Malware: Key Logging and Screen Recording\nIf malware that takes screenshots or does key logging has been\ninstalled on your computer, phone or tablet, you are in trouble for a\nvariety of reasons. It means that an attacker can see what you are\ndoing and capture what you are typing.\n\nThe best way to mitigate these forms of attacks is to keep your system\nup to date by installing security patches and by using some sort of\nsecurity tool or tools to protect your system or, at the very least,\nrecognize the infection.\n\n### Malware: Clipboard Attack\nYet another type of vulnerability is the \"clipboard attack\" if/when\ndata is copied to the clipboard for cut and paste operations. This\nvulnerability exists because the clipboard is a global resource that\ncan be accessed by other, independent applications.\n\nClipboard attacks can be mitigated by making sure that your computer\ndoes not have malware installed or by not copying to the clipboard.\nAlthough it is probably impractical to not use the clipboard at all\nso, if you do use the clipboard, make sure that you always reset it\nafter any copy/paste operation to minimize any chances that it will be\ncaptured by malware or observed by an attacker. You can reset it by\nsimply selection a single letter or word and copying it.\n\nAnother, perhaps better, way to mitigate the clipboard vulnerability\n_might_ be to eliminate the need for the clipboard by modifying\n_PAM_ to automatically login in for you based on record data\nusing an HTTP POST operation but that is not currently available.\n\n\u003e Note that I say _might_ here, because I do not know how\n\u003e secure POST operations are.\n\n### Unattended Browser\nIf you leave the browser unattended without locking your screen after\nyou have loaded your record data, someone can sit down and see the\nrecords because they are impersonating you _after you have logged in_.\n\nThe best way to mitigate this attack is to always lock your screen when\nyou leave the computer unattended.\n\n### Website Spoofing\nWeb site spoofing could be used to direct you to a website\nthat could be used to steal your information using a look alike\nweb application.\n\nTo mitigate that make sure that you accessing the _PAM_ from a known,\ntrusted site.\n\nIf you are concerned about this, you can always download, build and\nrun _PAM_ from your own trusted site.\n\n### Dictionary and Brute Force Password Attacks\nIn general a brute force attack is any attack that uses trial and error\nto crack passwords.\n\nA dictionary attack is a brute force password attack that tries\nevery password in a dictionary to break decrypt sensitive data.\n\nBoth attacks are very effective in cases where the attacker has the\nability to try many passwords without being locked out and where the\npassword is short.\n\n_PAM_ is vulnerable to dictionary attacks and brute force atttacks\nbecause it can be run locally where the attacker can setup an automatic\nsystem to try to decrypt the file using the set of available passwords.\n\nSites that require passwords for authentication can mitigate this\ntype of attack by limiting the number of login attempts allowed.\n\n_PAM_ can also mitigate these types of attacks but it cannot do\nso _automatically_ because the attacker has access to the source\ncode. Instead you can mitigate these attacks by using strong (high\nentropy) passwords.\n\nTo give you some feel for just how effective this approach is,\nconsider a simple example where we have a password composed of say 20\npseudo-random upper case letters (26), lower case letters (26), digits\n(10) and 2 special characters.\n\nThus for 20 characters, there are 64\u003csup\u003e20\u003c/sup\u003e or\n1,329,227,995,784,915,872,903,807,060,280,344,576 (~1.3 undecillion)\npossible passwords which is which is _one heck of\na lot possibilities_!\n\nIf an attacker were to try to crack such a password using a super\npowerful computer that could perform _1 billion tests per second_\n(close to the limit of todays technology), it would take something on\nthe order of about a sextillion (10\u003csup\u003e21\u003c/sup\u003e) years to crack\nwhich means that your data is pretty safe if you use such a password.\n\nOn the other hand if you use a simple, six character password like\n\"`secret`\" it would take about about a minute so don't do that.\n\nIdeas for generating strong password are discussed in the next\nsection.\n\n### Protecting Yourself\nIn summary, security can never be fully guaranteed, the best way to\nprotect your data is to follow commonly recommended security\npractices:\n\n1. Keep all of your security patches up to date.\n1. Keep malware off of your systems.\n1. Make sure that you are not observed.\n1. Never share sensitive information (like passwords).\n1. Backup your data.\n1. Use a strong password for encrypting your files.\n 1. It should be at least 20 characters.\n 1. It should not contain personally identifiable information like dates.\n 1. It should be memorable and fairly easy to type.\n 1. I suggest using a memorable password of length 30 or more that\n contains 3 to 5 words with a custom prefix and suffix. Perhaps\n something with a structure like this:\n '`A1/jeans/chosen/since/tuition?!!`' (do NOT use this specific password!).\n1. Make sure that the website URL is what you expect.\n\n### Multi-Factor Authentication\nSeveral folks have asked me why Multi-Factor Authentication (MFA) was\nnot included in _PAM_ to provide and additional layer of security.\n\nIn general the MFA approach assumes that the users identity must be\nchecked and validated (authentication) so that the site offering the\nservices knows that it is dealing with the valid user not an\nimpersonator _which is a great thing_ but it is not necessary for\n_PAM_ because _PAM_ has no _site_.\n\nInstead _PAM_ is a single page web application with _no backend\nprocessing_, which, once it is loaded, makes it more like a local word\nprocessor that is tailored to managing customized records in _local_\nfiles so any additional communication over the internet represents a\nrisk as does storing any user information. Everything is done inside\nthe browser in a secure context.\n\nNo outbound information is ever sent to the internet unless the user\nspecifically requests it via the `\"Load File\"` and `\"Save File\"`\noperations while using cloud storage but at that point all data\nis encrypted both at the file level and as the HTTPS transport level\nwhich is required for the browser secure context which, in turn, is\nrequired by _PAM_ to function which is pretty safe if you protect your\ndata with a strong password.\n\nYou can verify that _PAM_ is functioning securely by monitoring outbound\ninternet traffic. You should never see any outbound traffic from _PAM_\nthat is not related to the file load and save operations.\n\nFor all of the above reasons, I felt the MFA would not improve\nsecurity and, hence, was not needed.\n\n## Usage Examples\nThe examples in this section talk about how to use this app under\ndifferent scenarios.\n\n### Personal Account Records\nThis is the most common usage. It is where personal account records\nare stored so that you have a permanent, encrypted record of all of\nyour passwords.\n\n#### Create Record File\nTo create a file with a single record follow these steps:\n\n1. Navigate to the app: [ https://jlinoff.github.io/pam/www/](https://jlinoff.github.io/pam/www/).\n * This can be done from any device, like your phone, tablet or computer\n but you must have access to cloud storage\n (on iphone and ipads that would be iCloud).\n1. Select the `\"New Record\"` option from the menu in the upper right hand corner.\n1. When the new record dialogue pops up,\n enter the account name as the title, an example might be \"Google email\".\n1. Add fields like \"url\", \"login\" and \"password\" and set their values.\n1. Save the record.\n1. At this point it will appear as your first record on the display.\n1. Now save it to a file by selecting \"Save File\" from the menu.\n1. Enter the file name, perhaps something\n like `\"mystuff.pam\"` or `\"joe.pam\"` if your name is \"Joe\" or `\"account.pam\"`.\n * I have found that some devices do not like the `\".pam\"` file extension.\n If that is the case use the `\".txt\"` file extension. Everything loves that\n and the data is guaranteed to be ASCII text (even when encrypted).\n1. Enter a password.\n 1. This is the password that you need to access all\n of the records in the file.\n 2. The password is _not_ stored so make sure that you\n keep track of it somewhere\n because if it is lost, the records _cannot_ be retrieved.\n\nAt this point your data is stored. You can add as many additional records as you\nwant or change existing records. As long as you save them, they will be available\nto you.\n\n#### Use Record Data to Log into a Site\nTo use the data to log into a site.\n\n1. Navigate to the app as described above.\n1. Click or tap on the record that contains the information.\n1. Click or tap on the \"url\" link so that the site opens up in a different tab.\n1. Enter the login name or email by clicking or tappin","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjlinoff%2Fpam","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjlinoff%2Fpam","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjlinoff%2Fpam/lists"}