Get early access
passwords that change themselves
Browser extension · in development

You were never going to change all those passwords by hand. So we built the thing that does.

Rekey is a password manager with one ability nobody else ships: it rotates your passwords for you — on a schedule, or the moment a breach touches one of your accounts — and verifies every change through your own inbox before the old password is discarded.

Waitlist gets the first year of Premium free. One launch email, that's it.

early build — it just rekeyed x.com by itself ↑
Nobody else does this. Of the seven biggest password managers, zero rotate passwords automatically. Dashlane tried in 2015 and quietly retired it.
No lockouts, by design. The old password is kept until the new one has actually signed in. A failed rotation costs you nothing.
Coverage in public. We publish the exact sites we can rotate and their live success rates. If it's not on the list, we won't pretend.

You know the email.

"Your password may have been compromised in a recent data breach." You get one, you sigh, you maybe fix that account. Then the warnings pile up — your password manager cheerfully counts them for you. Twelve compromised. Thirty. Reddit is full of people staring at seventy breach warnings they will realistically never clear, because clearing them means doing seventy password resets by hand: find the settings page, request the email, dig the code out of your inbox, invent something new, save it, repeat.

Every password manager on the market will happily tell you what's broken. Not one of them will fix it. That's the entire gap Rekey exists to close: the fixing.

"I get loads of warnings saying my passwords were in a data breach (70 accounts)… will any password manager automatically update them with little to no input?"
r/PasswordManagers — asked, never answered with a product
"Not sure if this is on the roadmap, but it would be a great feature — Bitwarden automatically changing passwords for us?"
r/Bitwarden feature request — still open
"One of the primary sellers of Dashlane vs other options was the ability to automatically change passwords… only 6 of my 200+ saved passwords were eligible."
Dashlane premium user — why honest coverage is rule one

Real posts, lightly trimmed for length. We didn't invent this demand — we just went and read it.

How it works

Import in one click

From Chrome, LastPass, Bitwarden, or CSV. Your passwords never sit unencrypted on disk during import — we tested the big names, and that's rarer than you'd hope.

Choose when passwords should change

Per account: every 30 or 90 days, only after a reported breach, or never. The default is breach-triggered only — because rotating for no reason is theater, and the security folks are right about that.

Rekey does the rounds

It signs in, changes the password, catches the site's confirmation email from your inbox, proves the new login works, updates your vault, and hands you a receipt. If anything fails, nothing is lost.

A few things we'd rather tell you now

We can't rotate every site. There's no standard "change password" mechanism on the web — that's why this product doesn't already exist. We launch with the ~40 most-used consumer sites and grow the list weekly, in public.

Email access is a big ask. We request the narrowest Gmail scope possible, read only verification and reset messages for rotations you initiated, and store none of it. The extension's code will be public, so you don't have to take our word for anything.

We have no investors and no data business. The business model is the $1.99 below. The free tier stays free, and breach alerts are part of it — not bait.

— the Rekey team (names and faces here before launch)

Pricing when we launch

Free Premium
$0 $1.99 /mo billed annually
Unlimited passwords, autofill, generator
Breach alerts✓ free, not paywalled
One-click import
Manual "rekey now" on supported sites
Scheduled automatic rotation
Breach-triggered auto-rotation
Inbox-verified changes with receipts

For scale: NordPass premium is $1.49, Proton Pass $1.99, 1Password $2.99 — and none of them will change a single password for you. Waitlist members keep these launch prices for life; we saw how everyone reacted to the 2026 price hikes.

Questions people actually ask

What happens if a rotation fails halfway?

Nothing bad. Rekey never discards the old password until the new one has signed in successfully. If a site changes its flow mid-rotation, you keep the old password and the site gets flagged on our coverage page.

Where are my passwords actually stored?

On your device, encrypted — or in the password manager you already use. We don't run a vault server, which means there is no server of ours to breach. The first question everyone's dad asks, and the answer is the whole architecture.

Can you read my email?

We request read access scoped as narrowly as Google allows, filter for verification and reset messages tied to rotations you set up, and process them transiently. Nothing is stored. The code will be open for inspection.

Why not just use Bitwarden or 1Password?

Use them — they're good vaults. But neither will change a single password for you. After a breach notice you're still doing every reset by hand. Rekey exists for the part that comes after "your data was compromised."

Doesn't Apple's new Passwords app do this?

iOS 27 can change some passwords — on Apple devices, within Apple's list. Rekey works in your browser on any platform, covers scheduled and breach-triggered rotation, and verifies every change through your inbox.

Isn't regularly changing passwords considered bad advice now?

Arbitrary forced rotation is — NIST said so, and we agree. That's why Rekey's default is rotation with a reason: a reported breach, a shared account handed back, a device you lost. Schedules exist for people who want them anyway.

Building in public

JUL 2026
Waitlist opened. Finished a hands-on teardown of 9 competing password managers — signup flows, import flows, paywalls, the lot. It lives in a spreadsheet. Ask us anything about it.
JUN 2026
Apple shipped auto-change in iOS 27. For Apple devices, on Apple's list of sites. We're taking it as both validation and a deadline.
NEXT
Prototype. Rotation working end-to-end on the first 10 sites, including the inbox verification loop. Waitlist members see it first and vote on which sites come next.

Stop resetting passwords by hand.

Join the waitlist. First year of Premium free when we launch — and you'll help us pick which sites get covered first.