Which password managers are actually zero-knowledge? (2026)
An honest look at which password managers are actually zero-knowledge — 1Password, Bitwarden, NordPass, Proton Pass, and LitePassword compared on key derivation, recovery, and what a breach exposes.
“Zero-knowledge” is the most overused phrase in password-manager marketing. Some tools mean it literally — the vendor structurally cannot read your vault. Others use it loosely to mean “we encrypt things.” This is an honest, vendor-by-vendor look at which password managers are actually zero-knowledge in 2026, judged on the three properties that define the guarantee.
Quick answer
The major password managers that are genuinely zero-knowledge are 1Password, Bitwarden, NordPass, Proton Pass, Keeper, and LitePassword. Each one derives your encryption key from your master password on your device, never transmits the master password, and stores ciphertext only — so a breach of the vendor exposes encrypted blobs, not your secrets. They differ in recovery model, open-source status, and pricing, not in the core guarantee. The tools to be wary of are the ones that can email you a “forgot password” link and restore your data — that recovery flow means they can decrypt it.
The three tests for “actually zero-knowledge”
A claim is real only if all three hold:
- Key derivation is client-side. Your master password is stretched into an encryption key on your device (PBKDF2, scrypt, or Argon2). The server never does it.
- The master password is never transmitted. Not at sign-in, not at unlock, not ever.
- A breach exposes ciphertext only. Stolen database = encrypted blobs, useless without your master password.
The fastest single tell is recovery: a vendor that can reset your master password and restore your data can, by definition, decrypt it — so it isn’t zero-knowledge. Genuine zero-knowledge tools recover via a key you hold.
The honest comparison
| Tool | Zero-knowledge? | Key derivation | Cipher | Recovery model | Open-source? | Pricing model |
|---|---|---|---|---|---|---|
| 1Password | Yes | PBKDF2 + Secret Key | AES-256 | Secret Key + Emergency Kit | No | Per-seat |
| Bitwarden | Yes | PBKDF2 / Argon2 | AES-256 | Recovery / admin reset (opt-in) | Yes | Per-seat (free 2-user) |
| NordPass | Yes | Argon2 | XChaCha20 | Recovery code | No | Per-seat |
| Proton Pass | Yes | Argon2 | AES-256-GCM | Recovery phrase | Yes | Per-seat |
| LitePassword | Yes | PBKDF2 | AES-256 | One-time recovery key (you hold it) | No | Flat (not per-seat) |
Verify each vendor’s current spec on its security page — implementations evolve. Every row clears the same encryption bar; the differences that matter are recovery, auditability, and price.
Vendor by vendor
1Password — strongest recovery hardening
Zero-knowledge, plus a Secret Key: a second high-entropy factor combined with your master password, so a weak master password still resists offline brute-force. The most documented implementation in the category. Not open-source, and priced per-seat — which adds up fast for a small team. See 1Password vs LitePassword.
Bitwarden — best auditable implementation
Because it’s open-source, Bitwarden’s zero-knowledge claims can be independently verified rather than trusted on faith, and it supports modern Argon2 derivation. One caveat: organization “account recovery” (admin reset) is an opt-in feature that, when enabled, lets an admin reset a member’s password — useful operationally, but it changes the trust model. Leave it off for pure zero-knowledge. See Bitwarden vs LitePassword.
NordPass — modern cipher, audited
Zero-knowledge with XChaCha20 (a modern, fast stream cipher) and Argon2 key derivation. Not open-source, so its implementation is verified through third-party audits. A solid mainstream option; pricing is per-seat. See NordPass vs LitePassword.
Proton Pass — strongest privacy pedigree
Argon2 derivation, open-source, AES-256-GCM, built by the team behind Proton Mail. A natural fit inside the Proton ecosystem. Team sharing is per-seat. See Proton Pass vs LitePassword.
LitePassword — strictest recovery model, flat pricing
PBKDF2-derived AES-256, and crucially no admin “view all” mode and no vendor master-password reset — a one-time recovery key, generated on-device and shown once, is the only path back in. That makes the zero-knowledge story unusually clean: there is no recovery back door to misconfigure. Built for teams of 12 or fewer, and priced flat, not per-seat ($5/mo for up to 5 users, $10/mo for up to 12). The trade-offs: not open-source, and no browser-autofill extension yet. See the security architecture.
So which should you pick?
Every tool in the table clears the zero-knowledge bar — the encryption is not where they differ. Choose on the other axes:
- Want auditable open-source? Bitwarden or Proton Pass.
- Want the hardest recovery story (no back door at all)? LitePassword’s recovery-key-only model.
- Want maximum brute-force hardening? 1Password’s Secret Key.
- Want the cheapest option for a small team? Flat pricing beats per-seat past three users — that’s LitePassword’s wedge.
For the ranked deep-dive on the cryptography, see best zero-knowledge password managers. For the free-tier angle specifically, see free zero-knowledge password manager.