Free zero-knowledge password manager (truly zero-knowledge, 2026)
A free, truly zero-knowledge password manager encrypts your vault on your device — the vendor only ever stores ciphertext. Here are the genuinely free options and how to verify the claim.
A free zero-knowledge password manager does two things at once: it costs nothing, and it makes the vendor structurally unable to read your vault. The catch is that not every “free” or “encrypted” tool clears the second bar. This guide names the genuinely free, genuinely zero-knowledge options in 2026 — and the three questions that tell you whether a “zero-knowledge” claim is real.
Quick answer
Yes — there are truly zero-knowledge password managers with a free tier. The strongest free options are LitePassword (free for 1 user, zero-knowledge by design), Bitwarden (free with genuine 2-user sharing, open-source), and Proton Pass (free single-user, privacy pedigree). In all three the encryption key is derived from your master password on your device, the master password is never sent to the server, and a breach of the vendor exposes ciphertext only. The free tier uses the same encryption as the paid tiers — you only trade away capacity, never protection.
“Free” and “zero-knowledge” are two separate claims
It’s easy to conflate them, so separate them:
- Free is about price — does the tool cost $0 to use?
- Zero-knowledge is about architecture — can the vendor read your data, ever?
A tool can be free and not zero-knowledge (it encrypts data but holds a key that can decrypt it). A tool can be zero-knowledge and not free. You want both, and you should verify each separately. For the full definition of the architecture, see what is a zero-knowledge password manager.
How to verify a “truly zero-knowledge” claim
Ask any vendor — free or paid — these three questions:
1. Where is my encryption key derived — on my device or your server? (Correct answer: your device, via PBKDF2, scrypt, or Argon2.)
2. If I forget my master password, can you reset it for me? (Correct answer: no — you use a recovery key you generated and hold.)
3. If your database is breached, what can the attacker read? (Correct answer: ciphertext only.)
Question 2 is the tell. A “forgot password” email flow that restores your data means the vendor can decrypt it — which means it is not truly zero-knowledge. A genuine zero-knowledge tool answers all three cleanly, on its free tier as well as its paid ones.
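The three correct answers can be seen in one client-side flow. This is an added example, not code from this page or from any vendor named here; it assumes a random vault key wrapped once under a PBKDF2-derived key and once under a recovery key, AES-256-GCM, 600,000 PBKDF2-HMAC-SHA256 iterations, and hypothetical function and field names.

```javascript
// Added illustration (not any vendor's code): all of this runs on the client.
const crypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed work factor for PBKDF2-HMAC-SHA256

// AES-256-GCM seal; the blob layout iv || tag || ciphertext is an assumption.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Inverse of seal; final() throws if the key is wrong or the blob was altered.
function unseal(key, blob) {
  const raw = Buffer.from(blob, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]);
}

// Question 1: the key is derived on the device from the master password.
function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Builds the record that gets uploaded. The recovery key is returned for
// one-time display to the user and is not part of the upload.
function createVault(masterPassword, secret) {
  const salt = crypto.randomBytes(16);
  const vaultKey = crypto.randomBytes(32); // random key that encrypts secrets
  const recoveryKey = crypto.randomBytes(32);
  const serverRecord = {
    salt: salt.toString('base64'),
    wrappedByPassword: seal(deriveKey(masterPassword, salt), vaultKey),
    wrappedByRecovery: seal(recoveryKey, vaultKey),
    secret: seal(vaultKey, Buffer.from(secret, 'utf8')),
  };
  return { serverRecord, recoveryKey };
}

function unlockWithPassword(masterPassword, rec) {
  const kek = deriveKey(masterPassword, Buffer.from(rec.salt, 'base64'));
  return unseal(unseal(kek, rec.wrappedByPassword), rec.secret).toString('utf8');
}

// Question 2: the only other way in is the recovery key the user holds.
function unlockWithRecoveryKey(recoveryKey, rec) {
  return unseal(unseal(recoveryKey, rec.wrappedByRecovery), rec.secret).toString('utf8');
}
```

A stolen `serverRecord` still allows offline guessing of the master password, so the KDF work factor and the strength of the master password decide how much "ciphertext only" is worth.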
The genuinely free, genuinely zero-knowledge options
| Tool | Free tier | Free sharing? | Key derivation | Cipher | Notes |
|---|---|---|---|---|---|
| LitePassword | 1 user, 1 vault, 5 secrets | No | PBKDF2 (on-device) | AES-256 | No admin “view all”, no vendor reset |
| Bitwarden | 2 users | Yes (2 users) | PBKDF2 / Argon2 | AES-256 | Open-source, auditable |
| Proton Pass | 1 user | No | Argon2 | AES-256-GCM | Privacy pedigree (Proton) |
Encryption is identical on free and paid tiers — the limits are on capacity, not security.
LitePassword — the strictest free zero-knowledge model
PBKDF2 derives a 256-bit key from your master password on your device, AES-256 encrypts every secret, and the server stores ciphertext only. Crucially there is no admin “view all” mode and no vendor master-password reset — a one-time recovery key, generated on-device and shown once, is the only path back in. The Free plan is $0 for one user; team sharing starts at $5/mo flat for up to 5 users (not per-seat). See the full security architecture.
Bitwarden — the only free team zero-knowledge tier
Bitwarden’s free plan includes genuine 2-user sharing at $0, and because it’s open-source its zero-knowledge claims can be independently audited rather than taken on faith. If cost is the absolute constraint and you’re a pair, it’s hard to beat. Note that organization “account recovery” (admin reset) is an opt-in feature — leave it off to keep pure zero-knowledge. Compare in Bitwarden vs LitePassword.
Proton Pass — best free single-user with a privacy track record
Argon2 key derivation, open-source, built by the team behind Proton Mail. A natural fit if you’re already in the Proton ecosystem; team sharing is per-seat on the paid plan. See Proton Pass vs LitePassword.
When “free” stops being the right question
Free tiers are almost always single-user (Bitwarden’s 2-user sharing is the exception). The moment a third person needs access, the honest question stops being “what’s free?” and becomes “what’s cheapest and zero-knowledge for my team?” — and that’s where flat pricing wins. A 5-person team is $5/mo flat on LitePassword versus $20/mo on a $4/user tool. (If that team is an early-stage company, see the password manager for startups setup pattern.) Run the numbers in best free password manager for small teams and compare the architecture in best zero-knowledge password managers.
If you’re coming from a self-hosted tool you ran specifically for the zero-knowledge guarantee, you can keep the guarantee without the server — see a managed alternative to self-hosted password managers.