Privacy is the default

A password manager that can't read your passwords.

passwd is zero-knowledge and end-to-end encrypted. Your master password and your vault never leave your device in a form anyone else, including us, can read.

End-to-end encryptedNo email neededOpen sourceBrowser extension

Built so we know nothing about you

Strong cryptography by default, with none of the data collection.

Zero-knowledge

Everything is encrypted on your device. The server only ever stores ciphertext it can't read.

No email required

Create an account with a generated passphrase. No email, no phone, nothing that identifies you.

Browser extension

Unlock once and autofill logins on the sites you visit, with strict domain matching.

Two-factor

Add TOTP two-factor in a click. Your vault stays protected even if a password leaks.

Open source

Every line is public and auditable. Trust nothing you can't inspect.

Fast and lightweight

A Go sync backend and a tiny web vault. Self-host it from a single binary.

How your vault stays private

Your master password derives an encryption key on your device. Only encrypted blobs are ever sent to the server, so there is no copy of your password anywhere to steal.

The server canThe server can never
Yes Store and sync encrypted blobsNo Read your passwords or notes
Yes Verify your loginNo Learn your master password
Yes Enforce 2FA and rate limitsNo Know who its users are

Read the full security model

Take back your privacy in two minutes

Generate a passphrase, set a master password, and you're done. No sign-up forms.