Is this password manager safe?

Yes. Everything runs locally in your browser. No passwords are ever transmitted to or stored on any server.

How are passwords generated?

Passwords are generated using the Web Crypto API — a cryptographically secure random number generator built into your browser.

Free Password Manager & Generator — AES-256 Zero-Knowledge

Stealth Vault

AES-256 encrypted password manager & generator. Zero-knowledge, fully client-side — your credentials never leave your browser.

AES-256-GCM PBKDF2 Web Crypto API Zero Network Local Only

256Bit Encryption

100KPBKDF2 Rounds

0Bytes Sent

6Tools

Why use Free Password Manager No Signup

AES-256-GCM Encryption

Your passwords are encrypted before they ever touch localStorage. The key is derived via PBKDF2 with 100,000 iterations — the same standard used by financial institutions.

True Cryptographic Entropy

Generated passwords use crypto.getRandomValues() — a hardware-backed CSPRNG in every modern browser. Unpredictable, non-reproducible, and brute-force resistant.

Fully Offline — No Server

No network requests, no databases, no accounts. The entire manager runs in your browser tab. Disconnect your internet and it still works. There is no server to hack.

Passphrase Generator

Generate memorable multi-word passphrases with custom separators, capitalization, numbers, and symbols. Easy to remember, hard to crack.

Strength Analyzer

Test any password with real entropy calculation. Get crack time estimates, charset size, unique character count, and a detailed strength breakdown instantly.

Backup & Restore

Export your encrypted vault as a JSON file to move between devices. The backup file is also AES-256 encrypted — no plaintext credentials ever leave your browser.

Security Questions

Everything you need to know

Q 01Is my vault data stored on your servers?

Absolutely not. All vault data is stored exclusively in your browser's localStorage on your own device. Zlvox servers never see your passwords, encryption keys, or any credential data. We are technically incapable of accessing your vault.

100% LocalZero-Knowledge

Q 02What happens if I clear my browser data?

Your vault will be permanently erased. Always use the Backup (JSON) feature to export your encrypted vault before clearing browser data. The backup file is also AES-256 encrypted.

Always Backup First

Q 03Passphrases vs random passwords — which is stronger?

A 4-word passphrase from a 1,024-word list has ~40 bits of entropy. A 12-character random password with all character types has ~78 bits. For equivalent security, use at least 5-6 words. The advantage of passphrases is human memorability.

4 words ≈ 40 bits6 words ≈ 60 bits

Q 04What does the crack time estimate measure?

The estimate assumes an offline attack using high-end GPU hardware (~10 billion attempts per second). It calculates total possible combinations from your password's character space and length, then divides by attack rate.

Q 05Can I use my vault across multiple devices?

Yes — use the Export (Backup JSON) function to download your encrypted vault file, then Import it on another device. The encrypted JSON file contains no plaintext credentials.

Export / Import

Q 06What is PBKDF2 and why does it matter?

PBKDF2 is a key-stretching algorithm that runs your master key through SHA-256 hashing 100,000 times. This makes brute-forcing the master key computationally expensive — an attacker testing 1 billion guesses per second needs 100,000x more time per guess.

100K IterationsSHA-256

Stealth Vault

Everything you need to know