Why I Built a Password Manager That Never Touches the Internet

Jonathan Park — Tue, 10 Mar 2026 04:25:36 +0000

Every password manager I've used wants me to create an account. Sync to their cloud. Trust their servers. Pay a subscription.

And then one day, LastPass gets breached. Again.

I don't have anything against cloud-based password managers — they solve a real problem. But I kept thinking: what if you just... didn't need any of that?

The Premise

Most people don't need cross-device sync for every password. They need a secure place to store credentials that:

Doesn't require an account
Doesn't phone home
Works offline
Can't be breached on a server because there is no server

So I built Password Notebook.

Zero-Server Architecture

Here's what "never touches the internet" means concretely:

No backend. It's a static site. HTML, CSS, JavaScript. That's the entire stack.
No API calls. Open your network tab. Nothing goes out.
No analytics. No tracking pixels, no Google Analytics, no telemetry.
No account. You open it and start using it.

Your passwords are encrypted and stored in your browser's localStorage. They exist on your device and nowhere else.

How Encryption Works

When you set a master password, the app:

Derives a cryptographic key from your password using PBKDF2 with a high iteration count
Encrypts your password vault using AES-GCM via the Web Crypto API
Stores the encrypted blob in localStorage

// Simplified — the actual implementation has more safeguards
const keyMaterial = await crypto.subtle.importKey(
  "raw",
  encoder.encode(masterPassword),
  "PBKDF2",
  false,
  ["deriveKey"]
);

const key = await crypto.subtle.deriveKey(
  { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
  keyMaterial,
  { name: "AES-GCM", length: 256 },
  false,
  ["encrypt", "decrypt"]
);

All crypto is done via the browser's native Web Crypto API — no third-party crypto libraries.

The Trade-offs (Honestly)

This approach has real limitations, and I think it's important to be upfront about them:

What you give up:

No sync. Your passwords live on one device, in one browser. Clear your browser data and they're gone.
No recovery. Forget your master password? There's no "forgot password" flow. No server means no recovery email.
No autofill. This isn't a browser extension. You copy-paste.
localStorage isn't perfect. It can be cleared by the browser, and it's accessible to JavaScript on the same origin. The encryption mitigates the latter, but it's worth knowing.

What you get:

Zero attack surface on the network. No server to breach. No API to exploit. No database dump to worry about.
No trust required. You can read the source. It's all client-side.
Instant setup. Open the page, set a master password, start saving.
Works offline. Once loaded, it doesn't need a connection.

Who Is This For?

Not everyone. If you need sync across 5 devices, use Bitwarden (it's great and open source).

Password Notebook is for people who:

Want a simple, local credential store on a single machine
Don't trust cloud services with their passwords
Need something for a shared computer where installing software isn't an option
Want a secondary/backup password reference

Try It

Free, no sign-up, no download: passwords.impulsestudios.cc

Your data stays on your device. I literally can't see it even if I wanted to.

If you're curious about the implementation or want to audit the crypto, the source is all in the browser. View source and read it.

I Built a Markdown-to-Rich-Text Converter Because Copy-Paste Shouldn't Be This Hard

Jonathan Park — Tue, 10 Mar 2026 04:25:23 +0000

If you write in Markdown, you've felt this pain.

You craft a perfectly formatted document — headers, bold text, code blocks, lists — then you need to paste it into Google Docs. Or Slack. Or an email. Or a CMS with a rich text editor.

So you copy. You paste. And you get... a wall of plain text with asterisks and hash symbols staring back at you.

The Workaround Tax

The usual workarounds are embarrassing for 2026:

Render in a preview, copy from there — Sometimes works. Mostly doesn't preserve formatting cleanly.
Export to HTML, open in browser, copy from browser — Three steps too many.
Just reformat it manually — No.
Use a paid app — For... copying and pasting?

I kept running into this during my own workflow. I write everything in Markdown. READMEs, docs, blog drafts, notes. But half the people I work with live in Google Docs and Notion. Every time I needed to share something, I'd lose 5 minutes reformatting.

So I Built MarkdownPaste

The idea is dead simple:

Paste or type your Markdown
Click "Copy as Rich Text"
Paste into any rich text editor with full formatting

That's it. No account. No download. No electron app eating 400MB of RAM.

How It Actually Works

Under the hood, this uses the Clipboard API — specifically, the ability to write multiple MIME types to the clipboard at once.

When you click "Copy," the app:

Parses the Markdown into an HTML string (using a lightweight parser)
Creates a ClipboardItem with both text/html and text/plain representations
Writes to the clipboard via navigator.clipboard.write()

const blob = new Blob([htmlString], { type: "text/html" });
const item = new ClipboardItem({
  "text/html": blob,
  "text/plain": new Blob([plainText], { type: "text/plain" }),
});
await navigator.clipboard.write([item]);

The key insight: most rich text editors (Google Docs, Outlook, Slack, Notion) check for text/html on the clipboard first. If it's there, they render it as formatted text. If not, they fall back to text/plain.

By writing both, you get rich formatting where it's supported and clean plaintext everywhere else.

The Gotchas

A few things I learned building this:

navigator.clipboard.write() requires a secure context (HTTPS) and a user gesture (click). You can't just fire it on page load.
Some browsers are stricter than others. Firefox had partial support for a while. It's solid now, but I added a fallback using document.execCommand('copy') with a hidden contenteditable div for older browsers.
Code blocks need special handling. If you just dump <pre><code> into the clipboard, some editors strip the formatting. Adding inline styles as a fallback helps.

What It Handles

Headers, bold, italic, strikethrough
Ordered and unordered lists
Code blocks with syntax hints
Links and images
Tables
Blockquotes
Nested formatting

It runs entirely in the browser. No server. Your text never leaves your machine.

Try It

It's free, no sign-up required: tools.impulsestudios.cc

If you write in Markdown and regularly need to paste into rich text editors, this saves a few minutes every time. Nothing revolutionary — just one less paper cut in the workflow.

Part of the Impulse Studios free tools collection. If you find a bug or want a feature, open an issue or just tell me.

Forem: Jonathan Park

Why I Built a Password Manager That Never Touches the Internet

The Premise

Zero-Server Architecture

How Encryption Works

The Trade-offs (Honestly)

Who Is This For?

Try It

I Built a Markdown-to-Rich-Text Converter Because Copy-Paste Shouldn't Be This Hard

The Workaround Tax

So I Built MarkdownPaste

How It Actually Works

The Gotchas

What It Handles

Try It