About
PassNumber started from a simple frustration: strong passwords are hard to remember and easy to watch. We wanted a login you carry in your head, where what you type is different every time.
Instead of recalling a string of characters, you remember a few familiar symbols. A reshuffling grid turns those memories into a different set of numbers on every login — memorable for you, meaningless to anyone looking over your shoulder.
PassNumber is developed in the open. The reference implementation is plain PHP with SQLite, salted hashing, prepared statements, CSRF protection, and account lockout. We document its limitations as openly as its strengths, because an honest security tool is the only kind worth using.
The roadmap focuses on accessibility alternatives, larger-grid usability, and a clean integration path for existing apps. Have a use case or feedback? Get in touch.
The original PassNumber engine was built in 2020 as a working proof of the idea. In 2026 it was rebuilt from the ground up: the secret encoding was made collision-free, storage moved to versioned salted PBKDF2 hashing, verification became deterministic by default, and a second login method — Sequence — joined the original row-based Classic. The concept stayed the same; the engineering caught up with it. PassNumber is built in Dubai by Mohammed Nasrallah.