I keep running into password managers calling themselves “zero-knowledge”.
In theory that just means they can’t read your passwords.
Encryption happens on your device, not on their servers.
Fair enough.
What’s confusing is how wide that definition has become.
Some of these tools still depend heavily on cloud sync.
Some live entirely inside browser extensions.
Some store more metadata than I expected.
That doesn’t automatically make them bad or insecure,
but it does make the label less useful on its own.
I started thinking about this while working on Passary.
It goes pretty hard in the opposite direction:
no cloud sync, no accounts, everything stays local.
That has downsides too. It’s less convenient.
But fewer moving parts felt like a reasonable trade-off.
Anyway, just something I’ve been thinking about.
If anyone’s curious, details are here:
https://passary.com