End-to-End Encryption Explained

ZZPass uses military-grade end-to-end encryption to protect your passwords. Your data is encrypted on your device before it ever leaves, and only you have the key to decrypt it. This guide explains how ZZPass keeps your passwords secure.

What is End-to-End Encryption?

End-to-end encryption (E2EE) means your passwords are encrypted on your device and can only be decrypted by you. Neither ZZPass nor anyone else can read your data.

🔒 Your Data is Private

Zero-knowledge architecture:
ZZPass cannot read your passwords, even if we wanted to. Your primary password never leaves your device, and we don't have the decryption keys.

This means:
• We can't access your passwords
• We can't recover your account if you forget your primary password
• Governments or hackers can't force us to hand over your data
• Your privacy is guaranteed by design

🛡️ Military-Grade Security

AES-256 encryption:
ZZPass uses AES-256, the same encryption standard used by governments and militaries worldwide to protect classified information.

How strong is AES-256?
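It would take billions of years for a supercomputer to crack AES-256 encryption through brute force. Your passwords are protected by virtually unbreakable encryption. In practice, an attacker holding an encrypted vault would try to guess the primary password rather than the AES key, which is why the key derivation step and a strong primary password matter.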

🔐 Encrypted Everywhere

Your passwords are encrypted:
• On your device (at rest)
• During iCloud sync (in transit)
• On iCloud servers (in storage)
• During AutoFill (in memory)

At no point are your passwords ever stored in plain text or accessible to anyone but you.

How ZZPass Encryption Works

Step 1: Creating Your Account

Your Primary Password:
When you create your ZZPass account, you choose a primary password. This password is the master key to your encrypted vault.

Key Derivation:
ZZPass uses PBKDF2 (Password-Based Key Derivation Function 2) with 100,000+ iterations to derive an encryption key from your primary password.

Important:
Your primary password never leaves your device and is never sent to our servers. We only store encrypted data that we cannot decrypt.

Step 2: Encrypting Your Passwords

Local Encryption:
When you save a password in ZZPass:
1. The password is encrypted on your device
2. Using AES-256 encryption
3. With your derived encryption key
4. Before it's ever stored or synced

Unique Encryption Keys:
Each piece of data is encrypted with unique cryptographic keys, adding an extra layer of security.

Step 3: Syncing via iCloud

Double Encryption:
When syncing to iCloud:
1. Data is already encrypted by ZZPass
2. Apple adds another layer of encryption
3. Data travels encrypted over HTTPS
4. Stored encrypted on iCloud servers

Even if iCloud is compromised, your ZZPass data remains encrypted and unreadable.

Step 4: Accessing Your Passwords

Local Decryption:
When you unlock ZZPass:
1. You enter your primary password
2. The encryption key is derived on your device
3. Encrypted data is downloaded from iCloud
4. Data is decrypted locally on your device
5. You can view your passwords

Decryption happens entirely on your device - never on our servers or in the cloud.

Step 5: AutoFill Security

Secure Memory:
When using AutoFill:
• Passwords are decrypted in secure memory
• Only visible during authentication
• Cleared immediately after use
• Never written to disk unencrypted

Face ID/Touch ID adds an extra authentication layer before passwords are decrypted.

Step 6: Device Security

iOS/macOS Security:
ZZPass leverages Apple's Secure Enclave:
• Biometric data never leaves the Secure Enclave
• Encryption keys protected by hardware
• Isolated from the main processor
• Tamper-resistant design

Zero-Knowledge Architecture

What We Know

ZZPass can see:
• Your account exists
• When you last synced
• How much encrypted data you have
• Your email address (if provided)

This metadata helps us provide the service but reveals nothing about your actual passwords.

What We Don't Know

ZZPass cannot see:
• Your primary password
• Your passwords or usernames
• Your secure notes
• Which websites you use
• TOTP codes
• Any decrypted content

We literally cannot access this information - it's encrypted with keys we don't have.

Why This Matters

Privacy by Design:
Even if:
• Our servers are hacked
• We're legally compelled to hand over data
• Rogue employees try to access data
• iCloud is compromised

Your passwords remain safe because they're encrypted with keys only you possess.

Technical Details

Encryption Algorithms

AES-256-GCM:
• Advanced Encryption Standard
• 256-bit key length
• Galois/Counter Mode for authenticated encryption
• Protects against tampering

Key Derivation:
• PBKDF2 with SHA-256
• 100,000+ iterations
• Per-user salt
• Protects against brute force attacks
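
The derive-then-encrypt flow from Steps 1 to 4, using the algorithms listed above, as an added Node.js example that is not ZZPass code. The page specifies only PBKDF2 with SHA-256, 100,000+ iterations, a per-user salt and AES-256-GCM; the blob layout, nonce and salt sizes, item IDs and the use of the item ID as associated data are assumptions made for illustration.

```javascript
// Added example with constructed values; not ZZPass source code.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 100000; // the page states "100,000+ iterations"
const KEY_LEN = 32;        // 256-bit AES key
const NONCE_LEN = 12;      // 96-bit GCM nonce (assumed, the usual GCM size)
const TAG_LEN = 16;        // 128-bit authentication tag (assumed)

// Step 1: derive the vault key on the device from the primary password.
function deriveKey(primaryPassword, salt) {
  return nodeCrypto.pbkdf2Sync(primaryPassword, salt, ITERATIONS, KEY_LEN, 'sha256');
}

// Step 2: encrypt one vault item. Assumed layout: nonce || tag || ciphertext.
// The item ID is bound as associated data (hypothetical design choice) so a
// stored record cannot be silently swapped onto a different entry.
function encryptItem(key, itemId, plaintext) {
  const nonce = nodeCrypto.randomBytes(NONCE_LEN); // fresh nonce per record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(itemId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Step 4: decrypt locally. Returns null when the tag does not verify
// (wrong primary password, modified blob, or blob moved to another item).
function decryptItem(key, itemId, blob) {
  if (blob.length < NONCE_LEN + TAG_LEN) return null;
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const ct = blob.subarray(NONCE_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce,
    { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(itemId, 'utf8'));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication failed: never return unauthenticated bytes
  }
}

// Constructed sample run: only `salt` and `blob` would ever be synced.
const salt = nodeCrypto.randomBytes(16); // per-user salt (size assumed)
const key = deriveKey('correct horse battery staple', salt);
const blob = encryptItem(key, 'item-001', 'example-site-password');
console.log(decryptItem(key, 'item-001', blob)); // round trip on the device
```

The salt and the encrypted blob are not secret and can be stored remotely; the derived key and the primary password stay on the device.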

Data Protection

At Rest:
• Encrypted local database
• iOS Data Protection API
• Complete encryption when device is locked

In Transit:
• TLS 1.3 for network communications
• Certificate pinning
• Perfect forward secrecy

In Use:
• Secure memory allocation
• Memory wiping after use
• Protection against memory dumps

Additional Security

Authentication:
• Face ID / Touch ID
• Biometric data never synced
• Hardware-backed authentication

Recovery:
• Emergency kit
• Offline backup support
• No password reset via email

Common Questions

Can ZZPass recover my password?

No. If you forget your primary password, we cannot recover it or reset it because we don't have access to your encryption keys.

This is actually a feature - it proves that we truly cannot access your data. Use your emergency kit to regain access.

Is iCloud sync secure?

Yes. Your data is encrypted by ZZPass before being synced to iCloud, then encrypted again by Apple. Even if iCloud is compromised, your passwords remain protected.

You benefit from double encryption: ZZPass's E2EE plus Apple's iCloud encryption.

What if my device is stolen?

Your data remains safe. Without your primary password or biometric authentication, the encrypted vault cannot be opened.

Additional protections:
• iOS/macOS device passcode required
• Auto-lock after inactivity
• Encrypted local storage

Can employees access my data?

No. ZZPass employees cannot access your passwords because they're encrypted with keys derived from your primary password, which we never receive or store.

What about government requests?

We can only provide encrypted data if legally compelled. Since we don't have decryption keys, we cannot provide readable passwords to anyone - including governments.

Is encryption enabled by default?

Yes. All passwords are encrypted automatically. You don't need to enable encryption - it's always on and cannot be disabled.

Best Practices for Maximum Security

Use a strong primary password - At least 12 characters with a mix of letters, numbers, and symbols

Never share your primary password - Not even with family, friends, or ZZPass support

Store your emergency kit securely - Print it and keep it in a safe place, separate from devices

Enable Face ID/Touch ID - Adds an extra layer of protection beyond your password

Keep your devices updated - Security patches often fix vulnerabilities

Use unique passwords everywhere - Generate strong, unique passwords for each account

Enable auto-lock - Set ZZPass to lock automatically after a short period of inactivity

How ZZPass Encryption Compares

vs. Browser Password Managers

Browser managers (Chrome, Safari):
• Often sync passwords unencrypted or with weaker encryption
• Tied to your account login (easier to compromise)
• May allow password reset via email

ZZPass:
• End-to-end encrypted with zero-knowledge
• No password reset option (proves security)
• Military-grade AES-256 encryption

vs. Non-E2EE Services

Services without E2EE:
• Can access your passwords
• Can reset your password
• Vulnerable to insider threats
• Must comply with government data requests

ZZPass:
• Cannot access your passwords
• Cannot reset your password
• No insider access possible
• Can only provide encrypted data

Industry Standard

ZZPass uses the same encryption standards as:
• 1Password
• Bitwarden
• Signal (messaging app)
• Government classified systems

We follow industry best practices and security standards recommended by cryptography experts.

Last updated: February 2026 | AES-256 encryption • Zero-knowledge architecture • iOS 17+ • macOS 14+