General
Is Geslar free?
Yes. Škrinjar (password manager) and Ključar (authenticator) are completely free. The generator at geslar.app is also free. Future premium features (cloud sync) will be optional — the free version stays forever.
Does Geslar work offline?
Yes. Škrinjar and Ključar work fully offline. Internet is only needed for installation and updates. Your passwords and TOTP codes are available without a connection.
What are the parts of Geslar?
Škrinjar — browser extension for passwords. Ključar — mobile app for TOTP codes. Generator — web tool for passwords and phrases at geslar.app.
Which platforms are supported?
Škrinjar: Chrome, Firefox, Edge, Opera, Brave and all Chromium browsers. Ključar: Android and iOS. Generator: any browser.
Security & privacy
How secure is Geslar?
Geslar uses AES-256-GCM encryption and PBKDF2-SHA256 with 600,000 iterations for key derivation. This is the same standard as banking systems. Technical details →
Can Geslar see my passwords?
No. Zero-knowledge architecture means your data never leaves your device in readable form. Not even the Geslar team has access to your data.
What if Geslar gets hacked?
Your passwords are encrypted on your device. Geslar has no server with your data. There's nothing to hack — because we don't hold your data. Learn more →
Does Geslar use analytics?
No. No Google Analytics, no telemetry, no tracking cookies, no user accounts. Geslar doesn't know who uses it.
Škrinjar (password manager)
Can I import from another password manager?
Yes. Škrinjar supports import from 13 sources: Chrome, Firefox, Edge, Bitwarden, 1Password, LastPass, KeePass, Dashlane, NordPass, ProtonPass, Enpass, RoboForm and Geslar. Import guide →
How many passwords can I store?
Unlimited. No limits on the number of records. Škrinjar supports passwords, notes, cards, identities and custom records.
Does autofill work on all sites?
On the vast majority — yes. Škrinjar uses intelligent field detection. If autofill doesn't work on a site, use Ctrl+Shift+L or copy from the popup. More about autofill →
Can I use Škrinjar on multiple computers?
Currently each device is independent. To transfer, use backup and import. Cloud sync is coming in a future version.
Ključar (TOTP authenticator)
Can I transfer codes from Google Authenticator?
Yes. Ključar supports import from 7 authenticators: Google Authenticator, Aegis, 2FAS, Raivo, andOTP, FreeOTP+ and Geslar. Import guide →
What if I lose my phone?
If you have an encrypted backup, restore it on a new device. If not, contact each service's support to reset 2FA. About backup →
Why is Ključar better than Google Authenticator?
Ključar encrypts each key individually with AES-256-GCM. Google Authenticator stores keys unencrypted — root access to the device reveals all codes.
Does Ključar support HOTP?
Yes. Ključar supports both TOTP (time-based) and HOTP (counter-based) algorithms. Most services use TOTP.
Password generator
Is the web generator safe?
Yes. The generator uses CSPRNG (Web Crypto API) — everything is generated locally in your browser. Nothing is sent to a server. Technical details →
What is a passphrase?
A password made of random words, e.g.
meadow-cloud-chocolate-chestnut. Longer, easier to remember, harder to crack. Ideal for master passwords. Learn more →Why are Croatian phrases special?
Geslar has 4 Croatian dictionaries (5,700+ words): standard, Kajkavian, Čakavian and metaphors. An attacker can't use English dictionaries to crack Croatian phrases.
Master password
What if I forget my master password?
Geslar cannot reset your master password — this is a security feature, not a limitation. Without the password, data remains permanently encrypted. Recovery options →
How long should the master password be?
We recommend a passphrase of 4-6 words (52-78 bits of entropy). That's enough for hundreds of years of cracking with the fastest hardware. Tips →
Can I change the master password?
Yes. Settings → Security → Change master password. The vault is re-encrypted with the new key. Old backups use the old password.