No, we do not have access to unencrypted passwords and other data you store in our vaults. This ensures total protection of your sensitive information. For example, even in the event that authorities issue a court order, Passwarden will not share information since we've got nothing to share (in that case, only metadata can be shared, but not the secrets as encryption happens on the end user devices).
Whenever we need to verify your passwords (e.g. when you log in with your password or if you enable Dark Web monitoring), only a small part of the hash of the password is sent to the API as per the haveibeenpwnd protocol. It's impossible to reverse the process and learn your password.
Comments