InfoPeak Pass: Your Passwords and Your Authenticator Codes. Both Zero-Knowledge.

A complete credential security setup requires two things: strong, unique passwords for every account, and a second factor that proves you are who you say you are. Most organizations run these on two separate tools, two separate vendors, and two separate trust relationships. InfoPeak Pass handles both — under one zero-knowledge architecture, within the InfoPeak suite.

Zero-Knowledge, Precisely Defined

InfoPeak Pass is built on zero-knowledge architecture. Every credential you store is encrypted on your device using AES-256 before it is transmitted to InfoPeak's servers. The encryption key is derived from your master password using a key derivation function — the master password itself never leaves your device and is never transmitted in any form.

What InfoPeak stores is ciphertext. The name of each item and its content are encrypted independently using separate Data Encryption Keys — two distinct encryption envelopes per credential, so that even the item title reveals nothing without decryption. Without the key material, the stored data is computationally indistinguishable from random noise. We store your vault. We cannot read it.

"AES-256. Zero plaintext on our servers. The encryption key is yours — derived from a master password that never leaves your device."

The Built-In TOTP Authenticator

InfoPeak Pass includes a fully functional TOTP authenticator — the same category of tool as a standalone authenticator app, built directly into your password manager so that credentials and second-factor codes live in the same zero-knowledge environment.

The TOTP implementation runs entirely client-side using the WebCrypto API and follows RFC 6238 — the standard that governs time-based one-time passwords across the industry. When you add a TOTP seed to InfoPeak Pass, it is encrypted and stored as part of the credential record, zero-knowledge. When you need a code, it is generated in your browser using that seed. The seed never leaves your device in plaintext. The code is computed locally and expires in 30 seconds.

This is the architectural consequence of building an authenticator into a zero-knowledge password manager rather than adding TOTP as an external dependency. The seed material is protected by the same encryption model as your passwords — not by the security posture of a separate app on a separate device.

The Browser Extension

InfoPeak Pass includes a browser extension for Chrome and Firefox that handles auto-fill for credentials stored in your vault. When you visit a site for which you have saved credentials, the extension identifies the login fields and fills them from your locally decrypted vault — without the plaintext credentials passing through any external service at any point in that process.

The extension authenticates against InfoPeak's API using short-lived bearer tokens — valid for 15 minutes, issued via a secure bridge that operates through your active InfoPeak session. This architecture means the extension never stores your session credentials in browser storage in a persistent form. Each session issues a fresh token. Expired tokens are purged automatically. The security boundary between your browser session and the extension is maintained by design, not by configuration.

• Chrome and Firefox: Native extension available for both major browser platforms.
• Auto-fill: Credential fields populated from your locally decrypted vault on recognized sites.
• Short-lived tokens: 15-minute bearer tokens issued per session — no persistent credential storage in the extension.
• TOTP codes: One-time codes generated and available within the extension for fast copy-paste at login.

Password Generation and Import

InfoPeak Pass includes a built-in password generator. Strong, unique credentials are generated on demand — configurable length and character composition, with no requirement to devise your own entropy. Every new account your organization creates starts with a credential that has never been used elsewhere and cannot be guessed.

Import is supported from standard credential export formats. If your organization currently manages credentials in another system, migration to InfoPeak Pass is a file operation — your existing credential library moves into the zero-knowledge environment without manual re-entry. The migration is complete. The previous vendor relationship ends.

Part of the InfoPeak Suite

InfoPeak Pass operates within the same authentication and data residency framework as every other InfoPeak product. It is not a standalone subscription or an external integration — it is part of the suite, under the same data processing agreement, within the same European infrastructure, governed by the same organizational access controls.

When a team member is offboarded, their access to the shared credential vaults in InfoPeak Pass is revoked in the same operation that revokes their access to mail, drive, documents, and calendar. One infrastructure. One permission model. No separate offboarding process for the password manager.

Passwords and authenticator codes. Zero-knowledge. One vault. This is the credential security standard InfoPeak builds to.