Your passwords,
invisible to everyone.
InfoPeak Pass stores your logins, cards, and notes with AES-256-GCM encryption — decrypted only on your device. Not even we can see them.
Your vault.
Your keys.
No exceptions.
Every password is encrypted before it leaves your browser — cipher-text only ever touches our servers.
Password managers that can read your passwords
are not password managers.
Most password managers encrypt your data with keys they control. That means they — or anyone who compromises them — can decrypt your vault. Your credentials, your cards, your notes: all readable.
Security theater is not security. A breach is a matter of when, not if.
InfoPeak Pass derives your master key exclusively in your browser using PBKDF2. We never see the key, we never transmit the key, and we never store the key. The math simply doesn't allow us to.
Your vault is yours — not leased to you by a company that could be acquired, subpoenaed, or hacked.
How zero-knowledge actually works
Key derivation
Your master password never leaves your device. PBKDF2 derives a strong encryption key locally — we receive a salted verification token, never the key itself.
Local encryption
Every credential is encrypted with AES-256-GCM in your browser before it's transmitted. Our servers store opaque cipher-text — indistinguishable from random noise.
On-device decryption
When you open your vault, cipher-text is downloaded and decrypted locally using your key. Plaintext never travels the wire — not even over HTTPS.
Everything a password manager should be.
And nothing it shouldn't.
We are mathematically incapable of reading your vault.
The architecture is not a promise — it is a cryptographic constraint. No master key on our servers means no breach can expose your credentials.
Built-in 2FA authenticator
Store your TOTP seeds alongside your login credentials. Live 6-digit codes are generated entirely on-device — no separate authenticator app needed.
Password generator
Cryptographically random passwords up to 64 characters. Passphrases too. Strength meter included — client-side only.
Import from anywhere
Migrate from Bitwarden, 1Password, LastPass, or any Chrome / Firefox CSV export. Parsed and encrypted locally.
One workspace.
One key hierarchy.
Pass shares the same zero-knowledge key architecture as InfoPeak Drive, Docs, and Calendar — one login unlocks your entire sovereign workspace.
Frequently asked
What happens if InfoPeak is hacked?
An attacker would obtain encrypted cipher-text. Without your master key — which never leaves your device — the data is computationally unreadable. AES-256-GCM provides 256-bit security; brute-forcing a single vault would take longer than the age of the universe.
What if I forget my master password?
Zero-knowledge means we cannot reset your password for you — that would require us to hold a copy of your key. You can set up a recovery key during onboarding, stored offline by you. If neither is available, the vault cannot be decrypted by anyone.
Can I import from my current password manager?
Yes. InfoPeak Pass imports CSV exports from Bitwarden, 1Password, LastPass, Chrome, and Firefox. The import is parsed and encrypted entirely in your browser — your existing credentials never touch our servers in plaintext.
Sovereign passwords.
Beta access. 2026.