A secure password manager built with Next.js, TypeScript, and Firebase, featuring client-side AES-256-CBC encryption and a zero-knowledge architecture.
- Client-Side Encryption: All encryption/decryption happens in the browser using the Web Crypto API
- AES-256-CBC: Industry-standard encryption algorithm
- PBKDF2 Key Derivation: 100,000 iterations with SHA-256
- Zero-Knowledge Architecture: Your master password never leaves your device
- Auto-Lock: Vault automatically locks after 15 minutes of inactivity
- No Password Recovery: By design - if you forget your master password, data is permanently
- Account Password: Used for Firebase Authentication (stored in Firebase)
- Master Password: Used for encryption/decryption (NEVER sent to server)
- User creates account with account password (Firebase Auth)
- A random salt is generated and stored in Firestore
- Master password + salt → PBKDF2 (100K iterations) → Encryption key
- Data is encrypted with AES-256-CBC before being sent to Firestore
- Firestore only stores encrypted blobs + initialization vectors
- User signs in with account password (Firebase Auth)
- Salt is retrieved from Firestore
- User enters master password
- Master password + salt → PBKDF2 → Encryption key (derived client-side)
- Encrypted data is fetched and decrypted in the browser
- Master Password Requirements: Minimum 12 characters with 3+ character types
- Auto-Lock: Vault locks after 15 minutes of inactivity
- No Recovery: Zero-knowledge means no password recovery - choose wisely!
- HTTPS Required: Use HTTPS in production to prevent MITM attacks
- No Data in Storage: Encryption key stays in memory only, never in localStorage
- ✅ Secure password storage with client-side encryption
- ✅ Password generator with customizable options
- ✅ Search and filter passwords
- ✅ Tags for organization
- ✅ Copy to clipboard
- ✅ Show/hide password toggle
- ✅ Auto-lock after inactivity
- ✅ Password strength indicator
- ✅ Responsive design with glassmorphism UI
- Framework: Next.js 14 (App Router)
- Language: TypeScript
- Styling: Custom CSS with Tailwind
- Authentication: Firebase Auth
- Database: Cloud Firestore
- Encryption: Web Crypto API (AES-256-CBC, PBKDF2)
- Backup Your Master Password: Store it in a secure location. If lost, all data is unrecoverable.
- Production Deployment: Use HTTPS and configure proper Firebase security rules.
- Regular Backups: Consider exporting your passwords periodically.
- Browser Compatibility: Requires modern browsers that support the Web Crypto API.
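
The registration and unlock steps listed above (master password + salt → PBKDF2 → AES-256-CBC key, with only the IV and ciphertext stored) can be exercised with the Web Crypto API as follows. This is an added example, not the project's own code: the function names, the 16-byte salt length and the `{ iv, ciphertext }` record layout are assumptions, and the passwords and entry are constructed sample values.

```javascript
// Added example, not the project's code. Function names and record layout are assumptions.
// Uses the browser's Web Crypto global; falls back to Node's copy so it also runs offline.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();

// Master password + salt -> PBKDF2 (100,000 iterations, SHA-256) -> AES-256-CBC key.
async function deriveKey(masterPassword, salt) {
  const material = await webCrypto.subtle.importKey(
    "raw", enc.encode(masterPassword), "PBKDF2", false, ["deriveKey"]);
  return webCrypto.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 100000, hash: "SHA-256" },
    material,
    { name: "AES-CBC", length: 256 },
    false, // non-extractable: raw key bytes cannot be exported into localStorage
    ["encrypt", "decrypt"]);
}

// Encrypt one entry with a fresh random 16-byte IV; only { iv, ciphertext } is stored.
async function encryptEntry(key, plaintext) {
  const iv = webCrypto.getRandomValues(new Uint8Array(16));
  const ct = await webCrypto.subtle.encrypt(
    { name: "AES-CBC", iv }, key, enc.encode(plaintext));
  return { iv, ciphertext: new Uint8Array(ct) };
}

// Returns the plaintext, or null when decryption throws.
// CBC carries no integrity tag: a wrong key is usually caught by the PKCS#7
// padding check, but not always, so non-null output is not proof of the right key.
async function decryptEntry(key, record) {
  try {
    const pt = await webCrypto.subtle.decrypt(
      { name: "AES-CBC", iv: record.iv }, key, record.ciphertext);
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}

// Constructed walk-through: register, store, unlock again, then try a wrong password.
async function demo() {
  const salt = webCrypto.getRandomValues(new Uint8Array(16)); // 16-byte salt is an assumption
  const record = await encryptEntry(
    await deriveKey("constructed-Master-Passw0rd", salt), "example.com:constructed-secret");
  const unlocked = await deriveKey("constructed-Master-Passw0rd", salt);
  const wrong = await deriveKey("some-other-passphrase", salt);
  return { record, roundTrip: await decryptEntry(unlocked, record),
           wrongKey: await decryptEntry(wrong, record) };
}
```

Because AES-CBC does not authenticate the ciphertext, a vault that needs a dependable "wrong master password" signal or tamper detection has to add its own integrity check on top of this flow.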