Security Architecture

Zero-Knowledge Architecture

Keyzspace uses a zero-knowledge architecture, meaning we never have access to your unencrypted data. Your master password is used to derive encryption keys locally in your browser and never leaves your device.

Bottom line:

Even if hackers gain full access to our servers, your passwords remain encrypted and unreadable.

Encryption Details

  • AES-256-GCM: Military-grade encryption for all stored passwords
  • Argon2id: Memory-hard password hashing (winner of the Password Hashing Competition)
  • Key Encryption Keys (KEK): Your encryption keys are themselves encrypted with a key derived from your master password
  • Unique nonces: Every encryption operation uses a unique nonce for maximum security
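
The key hierarchy in the list above, as an added Node.js sketch; it is not Keyzspace's code. Assumptions: scrypt stands in for Argon2id (Node's built-in crypto module has no Argon2id), the vault uses a random data key wrapped under the KEK, and all function names, AAD labels and sample values are hypothetical.

```javascript
// Added illustration; not Keyzspace code. scrypt stands in for Argon2id,
// which Node's built-in crypto module does not provide.
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require('node:crypto');

// Master password + per-user salt -> 256-bit key-encryption key (KEK).
function deriveKek(masterPassword, salt) {
  return scryptSync(masterPassword, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// AES-256-GCM with a fresh random 96-bit nonce on every call.
function seal(key, plaintext, aad) {
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { nonce, ct, tag: cipher.getAuthTag() };
}

// Throws if the key, the AAD label, or any ciphertext byte is wrong.
function open(key, box, aad) {
  const decipher = createDecipheriv('aes-256-gcm', key, box.nonce);
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Client side: a random data key is wrapped under the KEK. Only the salt
// and the wrapped key go to the server; the password and KEK stay local.
function createVault(masterPassword) {
  const salt = randomBytes(16);
  const dataKey = randomBytes(32);
  const wrappedKey = seal(deriveKek(masterPassword, salt), dataKey, 'vault-key');
  return { dataKey, serverRecord: { salt, wrappedKey } };
}

// Re-derives the KEK and unwraps the data key; a wrong password fails the GCM tag check.
function unlock(masterPassword, serverRecord) {
  return open(deriveKek(masterPassword, serverRecord.salt), serverRecord.wrappedKey, 'vault-key');
}

// Constructed sample data.
const { dataKey, serverRecord } = createVault('correct horse battery staple');
const entry = seal(dataKey, Buffer.from('hunter2'), 'entry:example.com');
const recovered = open(unlock('correct horse battery staple', serverRecord), entry, 'entry:example.com');
console.log(recovered.toString()); // hunter2
```

Binding each ciphertext to an AAD label means a stored entry cannot be swapped into another slot without failing authentication.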

Multi-Factor Authentication

MFA is mandatory for all accounts. We support:

  • ✓ TOTP Authenticator apps (Google Authenticator, Authy, 1Password, etc.)
  • ✓ YubiKey hardware tokens
  • ✓ Backup codes (for account recovery)

Data Security

  • ✓ TLS 1.3 encryption for all data in transit
  • ✓ Regular security audits and penetration testing
  • ✓ Encrypted database backups
  • ✓ Rate limiting and brute-force protection
  • ✓ Session management with secure cookies