A password manager that can't read your passwords.
passwd is zero-knowledge and end-to-end encrypted. Your master password and your vault never leave your device in a form anyone else, including us, can read.
Built so we know nothing about you
Strong cryptography by default, with none of the data collection.
Zero-knowledge
Everything is encrypted on your device. The server only ever stores ciphertext it can't read.
No email required
Create an account with a generated passphrase. No email, no phone, nothing that identifies you.
Browser extension
Unlock once and autofill logins on the sites you visit, with strict domain matching.
Two-factor
Add TOTP two-factor in a click. Your vault stays protected even if a password leaks.
Open source
Every line is public and auditable. Trust nothing you can't inspect.
Fast and lightweight
A Go sync backend and a tiny web vault. Self-host it from a single binary.
How your vault stays private
Your master password derives an encryption key on your device. Only encrypted blobs are ever sent to the server, so there is no copy of your password anywhere to steal.
| The server can | The server can never |
|---|---|
| Yes Store and sync encrypted blobs | No Read your passwords or notes |
| Yes Verify your login | No Learn your master password |
| Yes Enforce 2FA and rate limits | No Know who its users are |
Take back your privacy in two minutes
Generate a passphrase, set a master password, and you're done. No sign-up forms.