Best zero-knowledge password managers in 2026
The best zero-knowledge password managers in 2026, compared on key derivation, encryption, and recovery — plus how to verify a vendor's zero-knowledge claim.
“Bank-grade encryption” is marketing. Zero-knowledge is an architecture. The difference matters: a tool can be “encrypted” while the vendor still holds a key that can decrypt your data. In a zero-knowledge system, the vendor structurally cannot read your vault — even if compelled, even if breached.
Here are the best zero-knowledge password managers in 2026, compared on the things that actually define the guarantee: where the key is derived, what cipher protects your data, and how recovery works.
What “zero-knowledge” actually means
A zero-knowledge password manager derives your encryption key from your master password on your own device. The provider stores only ciphertext and never sees your master password or the derived key. Three properties define it:
- Key derivation happens client-side (PBKDF2, scrypt, or Argon2 — never on the server).
- The master password is never transmitted.
- A server breach exposes ciphertext only, which is useless without your master password.
If any of those isn’t true, it isn’t zero-knowledge — it’s just “encrypted.” For the full definition, see what is a zero-knowledge password manager.
Comparison: the crypto that matters
| Tool | Key derivation | Cipher | Recovery model | Open-source? |
|---|---|---|---|---|
| LitePassword | PBKDF2 | AES-256 | One-time recovery key (you hold it) | No |
| 1Password | PBKDF2 + Secret Key | AES-256 | Secret Key + Emergency Kit | No |
| Bitwarden | PBKDF2 / Argon2 | AES-256 | Account recovery / admin reset (opt-in) | Yes |
| Proton Pass | Argon2 | AES-256-GCM | Recovery phrase | Yes |
| Keeper | PBKDF2 | AES-256 | Account recovery (security questions) | No |
Verify the current spec on each vendor’s security page — implementations evolve.
The best zero-knowledge managers, ranked
1. 1Password — strongest recovery model
The Secret Key adds a second, high-entropy factor to your master password, so even a weak master password resists offline attack. It is the best-documented and most battle-tested zero-knowledge implementation in the category, but expensive per-seat for small teams. See 1Password vs LitePassword.
2. Bitwarden — best auditable (open-source) implementation
Because it’s open-source, Bitwarden’s zero-knowledge claims can be independently verified rather than taken on faith. Supports modern Argon2 key derivation. Note that organization “account recovery” (admin reset) is an opt-in feature that, if enabled, changes the trust model — leave it off if you want pure zero-knowledge. See Bitwarden vs LitePassword.
3. Proton Pass — strongest privacy pedigree
Argon2 derivation, open-source, and built by the team behind Proton Mail with a clear privacy track record. A natural fit if you’re already in the Proton ecosystem. See Proton Pass vs LitePassword.
4. LitePassword — simplest zero-knowledge model for small teams
AES-256 with a PBKDF2-derived key, a one-time recovery key generated on-device and shown once, and, crucially, no admin “view all” mode and no vendor reset: the recovery key you hold is the only path back in. Built specifically for teams of 12 or fewer who want the guarantee without the enterprise surface. The trade-off is that there is no autofill extension yet. See our security architecture.
5. Keeper — most enterprise controls
Solid zero-knowledge core with extensive admin and compliance tooling. The granularity is valuable for larger or regulated organizations and overkill for most small teams.
How to verify a zero-knowledge claim
Ask any vendor these three questions:
- Where is my encryption key derived — on my device or your server? (Correct answer: your device.)
- If I forget my master password, can you reset it for me? (Correct answer: no — you use a recovery key you hold.)
- If your database is breached, what can the attacker read? (Correct answer: ciphertext only.)
A vendor that’s genuinely zero-knowledge will answer all three cleanly. Hesitation on question 2 is the tell — a “forgot password” email flow that restores your data means the vendor can decrypt it, which means it isn’t zero-knowledge.
Comparing for a team specifically? See the best password managers for small teams.