Password vault backup

Your master password is one device away from gone.

1Password, Bitwarden, Dashlane. Every credential you own sits behind a single master password. Split that key across places and people so no single loss takes everything down.

[Diagram: before, a single key (single point of failure); after the split, Share 01, Share 02 and Share 03 with threshold 2 / 3.]

Audit findings

The password to all your passwords.

Fail
Finding · 01

Written on paper

A master password on a sticky note, in a drawer, or in a notebook is your entire digital life sitting in the open for anyone who finds it.

× Single physical location
× No tamper detection
× Theft = full compromise

Fail
Finding · 02

Memorized only

A head injury, a stroke, eighteen months between recoveries. You forget one passphrase and every credential behind it is locked forever.

× No backup mechanism
× Vulnerable to incapacity
× One mind, one failure

Fail
Finding · 03

One device, one file

1Password's Secret Key on a single laptop. That device dies, gets stolen, or burns, and you are locked out of every account behind it.

× Hardware-dependent
× No geographic redundancy
× One device, one loss

Works with every manager.

1Password: Master + Secret Key
Bitwarden: Master + Recovery Code
Dashlane: Master password
KeePass: Master + Key file
LastPass: Master password
Any vault: Plain-text secret

Procedure

Split the master key across places.

01. Enter your master password (Input)

Your master password, your Secret Key, your recovery codes: enter them as a single bundle. The product is agnostic to which manager you use.

02. Encrypt with AES-256 (Layer I)

The bundle is encrypted on your device with AES-256-GCM. The ciphertext means nothing without the encryption key.

03. Split into 3 shares (Layer II)

The encryption key is divided into 3 shares using Shamir's Secret Sharing. Threshold 2-of-3. Any single loss is survivable.

04. Distribute to three places (Output)

Home safe. Trusted person. Bank deposit box. Any two recover. No single mishap takes everything down.

A vault you cannot recover is, eventually, a vault you have lost.

Threshold Vault · Operating principle

Cryptography

Two modules, one guarantee.

A symmetric cipher and a threshold scheme, applied in sequence. The math is from a 1979 paper by Adi Shamir; the cipher is the same one used to protect classified material at the highest civilian level.

Module I · AES-256-GCM

The bundle is encrypted.

Authenticated symmetric encryption. GCM mode detects tampering on recovery. Without the encryption key, the ciphertext is meaningless and indistinguishable from random.

cipher · AES-256
mode · GCM
tamper-evident · yes

Module II · Shamir 1979

The key is split.

Each share is a point on a polynomial over a finite field. K points reconstruct it. Fewer than K reveal no information about the key. Provable, not promised.

scheme · Shamir K-of-N
field · GF(256)
vectors · 51 verified
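
The split described above, as an added Python example that is not the product's own code: a 2-of-3 Shamir split of a key over GF(256), plus a check that one share alone is consistent with every possible secret byte. The reduction polynomial 0x11B and all function names are assumptions, since the page states only the field size. Plain Shamir does not detect wrong or missing shares, which is why recovery relies on the GCM tag of Module I.

```python
import secrets
from functools import reduce

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo 0x11B (assumed; the page says only GF(256))."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x11B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

def gf_inv(a):
    """Inverse as a^254, since a^255 == 1 for every nonzero a."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(256)")
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def evaluate(coeffs, x):
    """Horner evaluation; coeffs[0] is the secret byte (the value at x = 0)."""
    return reduce(lambda y, c: gf_mul(y, x) ^ c, reversed(coeffs), 0)

def split(key, k=2, n=3):
    """Fresh random degree k-1 polynomial per key byte; share x (never 0) holds f(x)."""
    if not 2 <= k <= n <= 255:
        raise ValueError("need 2 <= k <= n <= 255")
    polys = [[b] + [secrets.randbelow(256) for _ in range(k - 1)] for b in key]
    return {x: bytes(evaluate(p, x) for p in polys) for x in range(1, n + 1)}

def combine(shares):
    """Lagrange interpolation at x = 0. Fewer than k shares yields garbage, not an error."""
    (length,) = {len(d) for d in shares.values()}  # ValueError if share lengths differ
    out = bytearray(length)
    for xj, data in shares.items():
        num = den = 1
        for xm in shares:
            if xm != xj:
                num, den = gf_mul(num, xm), gf_mul(den, xm ^ xj)
        w = gf_mul(num, gf_inv(den))  # Lagrange weight of share xj at x = 0
        for i, y in enumerate(data):
            out[i] ^= gf_mul(y, w)
    return bytes(out)

def secrets_consistent_with(x, y):
    """2-of-3 case: secret byte s fits the single share (x, y) with slope (y ^ s) / x."""
    return {s for s in range(256) if evaluate([s, gf_mul(y ^ s, gf_inv(x))], x) == y}
```
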
Server state

What our servers receive when you split.

Master password
[ NULL ]

Never sent. Encrypted on your device. We receive nothing that could reconstruct it.

Encryption key
[ NULL ]

Generated locally in your browser. Split locally. Never transmitted in any form.

Shamir shares
[ NULL ]

Produced on your device. Rendered to your shard cards. None reach our servers.

Recommended setup

Three places. Any two recover.

[Diagram: 2 of 3. Holders: (i) home safe, (ii) trusted person, (iii) deposit box. Legend: holder node, threshold link.]

Questions

Before you split.

Yes. You give it any plain-text secret. A master password, a Secret Key, a recovery code, an exported vault backup, or all of them bundled. It does not need to know which manager you use.
The Secret Key is the second factor 1Password requires alongside your master password. Most people store it on one device and lose access when that device dies. Split it here alongside your master password so neither is a single point of failure.
Yes. A hidden note is one location, one failure. A 2-of-3 split survives any single loss and reveals nothing below the threshold. Two different kinds of safety.
Your shard cards still work. The recovery tool runs offline from your archive. The cryptography is open source. The design outlives the company.

Try it on a test password first.

Real cryptography on a throwaway value. No signup. When it clicks, you are one step from protecting the real thing.