End-to-end encrypted password management. Your vault is encrypted on your device — we never see your data. Open source, audited, and built for people who care about privacy.
Built from the ground up with security-first principles. No shortcuts, no compromises.
AES-256-GCM encryption with Argon2 key derivation. Your data is encrypted before it ever leaves your device — never on our servers.
Fully audited by Cure53. Our entire source code is on GitHub for anyone to inspect, verify, and contribute to.
Browser extensions, desktop, and mobile apps. Syncs securely everywhere.
We never see your master password or vault contents. Mathematically impossible.
Share credentials with team members through E2E encrypted channels.
Get instant alerts if your saved credentials appear in known public data breaches, allowing you to update compromised passwords before they can be exploited by malicious actors.
Getting started is simple — keeping you safe is our job.
Sign up and choose a single master password. The only one you'll need.
Save credentials as you browse. MyKey auto-fills them instantly.
Your data is protected at rest, in transit, and everywhere else.
Our zero-knowledge architecture means your vault is encrypted entirely on your device. The server only stores ciphertext.
Military-grade authenticated encryption ensures both confidentiality and integrity of your stored credentials.
Your master password is transformed into an encryption key using Argon2id — resistant to GPU and ASIC brute-force attacks.
Secure Remote Password protocol means your master password is never sent to our servers — not even as a hash.
Cryptographic verification that you know your password without revealing it. Mathematical certainty, not trust.
Encryption happens here
Ciphertext only
Server never sees plaintext
Free forever for individuals. Upgrade when you need more.
For individuals getting started
Free forever
For power users who need more
Billed annually
For organizations and businesses
Billed annually
Everything you need to know about MyKey's security and features.
MyKey is fully open source and has been independently audited by Cure53. Unlike proprietary password managers, anyone can inspect our code. We use a zero-knowledge architecture, meaning we never have access to your master password or vault contents — not even in theory.
Because of our zero-knowledge design, we cannot reset your master password. However, during setup you can generate an emergency recovery kit — a one-time recovery key stored offline. We strongly recommend saving this in a secure physical location.
Yes. Our client applications, browser extensions, CLI tool, and cryptographic libraries are all open source under the GPL-3.0 license. The server-side sync component is also source-available. You can self-host the entire stack if you prefer.
No. This isn't a policy — it's math. Your vault is encrypted with a key derived from your master password using Argon2id. The encryption and decryption happen entirely on your device. Our servers only store ciphertext that is useless without your master password.
We use AES-256-GCM for vault encryption, Argon2id for key derivation (with tuned memory and iteration parameters), SRP-6a for authentication, and X25519 for secure sharing key exchange. All cryptographic implementations are from audited, well-established libraries.
Absolutely. We provide Docker images and detailed deployment guides for self-hosting. Run MyKey on your own infrastructure with full control over your data. Self-hosted instances still receive client updates and security patches automatically.
Join hundreds of thousands of users who trust MyKey to protect their most sensitive data. Free forever — no credit card required.