Skip navigation
Free Online Password Manager

Security & Data Privacy

Passpack gives you 100% data privacy. No one - except you - can access your passwords.

Passpack Two Step Login Process

The "Pack" in Passpack comes from the bundle of locked up data inside your account. That's your pack of passwords.

Passpack can't read what is in your pack.

It's encrypted directly before being saved to Passpack's server.

Only your Packing Key can unlock it. And only you know your Packing Key.

Security Features

  • Anti-phishing protection
  • Disposable Logins
  • Scrambled Password Field
  • Passpack Desktop (optional)
  • Password quality tester
  • Make personal backups
  • Strong password generator
  • Double Access login technique
  • Locks up when unattended
  • US Gov't approved encryption
  • Host-Proof Hosting
  • Secure sharing & sending

Privacy Promise


Privacy is your right, protect it!

The data you store on Passpack can not be read by anyone, not even by Passpack staff itself.

You have the right to request that all of your personal data be removed at any time. Please read the Privacy Promise - it's not just fluff, we mean it.

Data Privacy & Host-Proof Hosting

Your data is encrypted on-the-fly before leaving your browser. Passpack uses the AES-256 encryption algorithm, US government approved for classified information, to make sure that only you can decrypt it with your secret Packing Key.

Your Packing Key never gets sent or saved to the server, so not even Passpack staff knows it. As far as the world outside your browser is concerned, your Packing Key is a complete mystery. Without it, it is impossibile to see, access or use your Passpack account (so don't lose it!).

This data privacy pattern is an industry standard called Host-Proof Hosting. Passpack has further innovated the pattern to allow for sharing and provisioning passwords across accounts while maintaining the same level of total data privacy. That's called Shared Host-Proof Hosting, and Passpack invented it.

DEVELOPERS:
Download our open source Host-Proof Hosting library here.

Physical & Network Security

Only encrypted data is ever sent over the internet, and it is always sent over an SSL Secure Connection. That makes the data doubly encrypted, and thwarts Man-in-the-Middle attacks. Passpack uses an Extended Validation Certificates (EV SSL) which identifies the company's identity and physical adress before being issued.

Passpack resides in a disaster-proof data center with an un-interruptible power supply (in an extended power outage, if even batteries fail, a diesel generator will take over). The data center is monitored 24 hours a day and is equipped with a wide range of security, power management, cooling and network access equipment.

Physical access to the data center is protected with biometric sensors, security cameras and secure access systems.

Summing it all up

With AES encryption (the same as used by the US Government) and an SSL Secure Connection, your data travels safely over the internet. But let's suppose a hypothetical "bad guy" gets into our servers, all he'd find would be a bunch of illegible data (not even Passpack can read your data). If he's determined to crack this data, he'd have to crack the Packing Key of every single user, one-by-one, in order to reverse the packing process. To date, this type of brute force attack on AES is considered impossible. That makes Passpack an unattractive target.

Get Passpack Now

Play around, have fun and ask for help if you need it.

Top Passpack News:

Jan 12 Passpack Desktop: new updated release

Nov 30 Yubikey: Two Factor authentication support

Oct 20 Change the ownership of your entries

Visit the Passpack Blog | Passpack News RSS

Passpack has been featured by:
NBC, PC Magazine, Chicago Tribune, Lifehacker