HexVault

Zero-knowledge password manager. Auto-fill, generate, and save passwords securely.

HexVault is a zero-knowledge password manager that encrypts your passwords on your device before they ever leave it. Unlike most password managers that encrypt on their servers, HexVault encrypts on yours — meaning even if our servers were breached, subpoenaed, or seized, your passwords remain safe. How it works When you log in, your master password never leaves your browser. It passes through Argon2id — a memory-hard algorithm that makes brute-force attacks 1,000× more expensive than the PBKDF2 used by most competitors. This produces an encryption key that stays only in your browser's memory. Every vault entry is encrypted independently using AES-256-GCM before being sent to our servers. We store ciphertext only — we have no ability to read your passwords. Features Autofill — detects login forms and fills your username and password with one click Breach monitoring — checks your passwords against Have I Been Pwned using k-anonymity, so your actual passwords are never transmitted Password generator — create strong, random passwords with customisable length and character sets Secure sharing — share passwords via encrypted one-time links that expire after a single view Temporary email — generate a disposable email address to use when signing up to services, keeping your real address private Auto-lock — vault locks automatically after a configurable period of inactivity Two-factor authentication — supports TOTP and WebAuthn / FIDO2 hardware keys on your HexVault account Why HexVault Zero-knowledge architecture — we hold ciphertext only, never plaintext Argon2id key derivation — 64 MB memory cost, 1,000× more GPU-resistant than PBKDF2 UK-based and GDPR compliant — registered in England and Wales, data hosted in the UK Unminified client code — you can verify every cryptographic claim yourself in DevTools No advertising — your data is never used for targeting or sold to third parties Privacy HexVault uses k-anonymity for breach checks — only a 5-character SHA-1 hash prefix is sent to Have I Been Pwned. Your actual passwords are never transmitted. The temporary email feature uses the mail.tm API and credentials are stored locally in your browser only. A full account is required to use HexVault. Start with a free 14-day trial at hexvault.co.uk — no credit card required. Privacy policy: https://hexvault.co.uk/privacy Support: hello@hexvault.co.uk