“Encrypted” and “zero-knowledge” are not the same thing. A service can encrypt your data while still holding a key that lets it (or an attacker who compromises it) decrypt that data. Zero-knowledge is the stronger property: the provider structurally cannot read your vault, because the key that unlocks it never exists on their servers.
How it works
A zero-knowledge password manager protects your data in three steps:
- Key derivation on your device. When you enter your master password, a key-derivation function (PBKDF2, scrypt, or Argon2) stretches it into a strong encryption key — locally, in your browser or app. The server is never involved.
- Encryption with a strong cipher. That derived key encrypts your vault with a symmetric cipher like AES-256. Only ciphertext is produced.
- Only ciphertext is synced. The encrypted blob is sent to the provider for storage and sync. Your master password and the derived key never leave your device.
The result: the provider stores data it cannot read.
Zero-knowledge vs “encrypted” vs end-to-end encrypted
| Term | What it guarantees |
|---|---|
| “Encrypted” | Data is scrambled — but the provider may hold a key to unscramble it. |
| End-to-end encrypted | Only the endpoints (your devices) can read the data in transit and at rest. |
| Zero-knowledge | The provider has no knowledge of your keys or plaintext — it cannot decrypt your data even if it wanted to. |
Zero-knowledge is the bar to look for in a password manager. It implies end-to-end encryption and adds the guarantee that the vendor itself is locked out.
How to verify a zero-knowledge claim
Ask any vendor three questions:
- Where is my encryption key derived — on my device or your server? (Correct: your device.)
- If I forget my master password, can you reset it for me? (Correct: no — you use a recovery key you hold.)
- If your database is breached, what can the attacker read? (Correct: ciphertext only.)
Hesitation on question 2 is the tell. A “forgot password” flow that restores your data means the vendor can decrypt it — which means it isn’t zero-knowledge.
How LitePassword implements it
LitePassword derives a 256-bit key from your master password with PBKDF2 on your device, encrypts every secret with AES-256, and stores only ciphertext. There is no admin “view all” mode and no vendor password reset — a one-time recovery key, generated on your device and shown once, is the only way back in. See the full security architecture, or compare the field in best zero-knowledge password managers.
Common questions about zero-knowledge password managers
Is zero-knowledge the same as end-to-end encrypted?
They overlap but are not identical. End-to-end encryption means only the endpoints can read the data in transit and at rest. Zero-knowledge is the stronger guarantee that the service provider itself has no knowledge of your keys or plaintext, even though it stores and syncs your encrypted data.
Can a zero-knowledge provider recover my password?
No. A genuine zero-knowledge provider has no way to decrypt your data, so it cannot reset your master password. Recovery relies on a key you generated and hold yourself — a recovery key or emergency kit. If a provider can reset your password from a "forgot password" email, it is not truly zero-knowledge.
Is Bitwarden or 1Password zero-knowledge?
Yes — both 1Password and Bitwarden are zero-knowledge, as are Proton Pass, Keeper, and LitePassword. They derive your key on-device and store ciphertext only. They differ in the details: 1Password adds a Secret Key, Bitwarden is open-source, and LitePassword uses a single recovery key with no admin reset.
What happens if a zero-knowledge company is breached?
An attacker who steals the provider's database gets ciphertext only. Without your master password — which never left your device — the data cannot be decrypted. That is the entire point of the architecture.
Stop sharing passwords in Slack messages.
Create your account in under a minute. Pick a master password. We'll generate your recovery key for you.