Starting soon — drop your email and we'll let you know first when accounts and payments go live.
End-to-end encrypted · Live

Your stack.
Encrypted down to the last node.

We're changing the way you organize your passwords.

PASSmap turns the chaos of accounts, domains, passwords and 2FA into one visual map — encrypted in your browser, before anything touches our servers.

No telemetry · Mandatory 2FA · Open crypto stack
vault.encrypt()
$ derive key
PBKDF2-SHA256 · 600 000 iter
$ encrypt node
AES-256-GCM · iv=12B · tag=16B
ciphertext 9c4f…a1·b8e2…77·d31a…0c
stored. server sees zero.

Why PASSmap

Your brain thinks in trees — not lists.

Classic password managers store accounts as a flat contact list. That works until you have 20 entries. At 200 — project, client, environment, subdomain, alias — you're searching blind. PASSmap was built because tooling for managing infrastructure should match how people actually think about systems.

Where this came from

We built PASSmap for ourselves — a developer running a dozen client projects, each with its own hosting, domain panel, repo, mailbox, database, S3, cloud account and 2–3 environments. Excel fell apart in a quarter. Bitwarden hid everything in folders, but didn't show what depended on what. We needed a tool that shows the entire project map at a glance — and still keeps secrets zero-knowledge.

“If you have more than one client, two environments and your own hosting — within a week you'll find that a folder in a classic manager is just sweeping chaos under the rug.”

List vs. tree

Classic manager (list / folders)

  • Flat structure: name, login, password.
  • Folders max. 1–2 levels deep, no relations between entries.
  • You can't see that hosting → domain → WP admin → database is a single chain.
  • Onboarding a teammate = sharing 15 separate entries.
  • Auditing “what's in project X” = manual filtering.

PASSmap (mind-map)

  • N-level hierarchy: client → project → environment → service → account.
  • Every node sees its parent and children — natural context.
  • One glance shows the full project stack and dependencies.
  • Share a whole branch, not 15 entries.
  • Audit = expand the client node. Done.

What cognitive science says

Hierarchical structures aren't an arbitrary UX choice — they're how the cortex naturally organises knowledge about complex systems.

1. Chunking (Miller, 1956)

Working memory holds ~7±2 items at once. A tree groups 50 entries into 7 branches of 7 — cognitively cheap. A list isn't. The classic “Magical Number Seven” paper from Princeton.

2. Hierarchical encoding (Bower et al., 1969)

Stanford experiment: words organised in a hierarchy were recalled 2–3× better than the same words in random order. The brain encodes structure together with content.

3. Cognitive load theory (Sweller, 1988)

When managing infrastructure, the load comes from relations (“which key for which database in which environment?”). A tree visualisation externalises those relations — you stop holding them in your head.

4. Spatial memory (Maguire, 2000)

The famous London-cabbie hippocampus study: the brain remembers better when information has spatial position. A mind-map gives every secret a fixed “place” on the canvas.

What it means in practice

−60% time to find an entry
Instead of searching (“admin… which environment?”), you click the project branch and everything is right there.

0 orphaned secrets
Every password sits under a specific project node. Delete the project — the entire branch goes with it, no orphans left in the database.

Nesting depth

Click for onboarding
A new teammate gets the client branch with full context — not a list of 30 unrelated entries.

Live demo

This is how your vault grows.

Every new node — a domain, account, password, recovery — is plugged into the tree, and its content is encrypted in your browser before it ever reaches the database. What you see on the right is exactly what happens in your app on every click.

Interactive demo: counters for nodes and leaks (leaks: 0); sample tree passmap.app / myproject (encrypted) rooted at myproject.com, with account nodes for twitter.com, instagram.com, facebook.com, vercel.com, cloudflare.com, aws.amazon.com, stripe.com, paypal.com, resend.com and gmail.com, each holding a login, a password and a 2FA secret, grouped under Social, Infrastructure, Payments and Email, plus child nodes such as backup codes, team, API keys and webhooks. The Node Details panel shows the title, login, masked password, “2FA enabled” and the resulting ciphertext. Badges: your entire stack, encrypted end to end · Zero-knowledge · AES-256-GCM · PBKDF2 600k · Mandatory 2FA.

Security model

Five layers of defense. Zero trust in the server.

We use the classic defense-in-depth model: every layer is independent and self-sufficient, so compromising one does not give an attacker access to your data. At no point does the server hold the cryptographic material required to decrypt your vault.

Defense-in-depth


Layer 1: Client-side cryptography

All cryptography happens in the browser, on the native Web Crypto API (SubtleCrypto). The server never sees plaintext or your key.

Layer 2: Zero-knowledge architecture

Your master password never leaves the device — neither as plaintext nor as a hash. The server only stores ciphertext + IV + auth tag. Infrastructure operators, database admins, and even a court order cannot change the fact that without your password the data is mathematically unreadable.

Layer 3: AES-256-GCM (NIST SP 800-38D)

Every node is encrypted independently with symmetric AES-256 in GCM mode. A 96-bit IV is drawn from a CSPRNG for every operation (no nonce-collision risk). The 128-bit GCM auth tag guarantees integrity — flipping a single byte of ciphertext immediately fails decryption.

Layer 4: PBKDF2-HMAC-SHA256 · 600,000 iterations

The master key is derived from your master password via PBKDF2 with a 16-byte per-user salt (matching OWASP ASVS L3 and OWASP 2023 recommendations). 600k iterations make GPU attacks economically infeasible: ~$10⁹ to brute-force a 12-character high-entropy password.

Layer 5: Recovery key (envelope encryption)

On setup we generate a 32-byte Recovery Key from a CSPRNG. The master key is additionally wrapped by it and stored as a separate ciphertext. If you lose your master password, you can recover the vault by entering the recovery key — but we never see it.

Data flow

Your secret traveling through 5 layers of defense

Interactive diagram: each node is one of the 5 defense layers. Click a node to inspect it, or hit "Start" to walk the packet from your browser to the server.

Data packet

  • plaintext: stripe_api_key=sk_live_4f9...
  • algo: AES-256-GCM
  • kdf: PBKDF2 · 600k
  • iv: 96-bit · CSPRNG
  • tag: 128-bit GCM

What does our server actually see?

Field                               Server            You
Email (for sign-in)                 Sees              Sees
Master password                     Does not see      Sees
Vault master key                    Does not see      Sees
Project / domain / login names      Ciphertext only   Sees
Stored passwords and 2FA secrets    Ciphertext only   Sees
Recovery key                        Does not see      Sees
Node creation timestamp             Sees              Sees

Even a full dump of our database would not let an attacker read your project names or passwords. That is a mathematical guarantee, not a marketing promise.

Compliance & standards

OWASP ASVS L3 · NIST SP 800-63B · GDPR · RFC 6238 (TOTP) · FIPS 140-2 algorithms

How it works step by step

  1. Sign up. Provide an email and a master password (min. 12 chars, checked against HIBP). We'll send a verification link.
  2. 2FA enrollment. On first sign-in you scan a QR in your authenticator app. You can't continue without it.
  3. Encryption setup. From your password we derive (PBKDF2 600k) the master key. We generate a recovery key — you download a .txt file.
  4. Daily use. Every node is encrypted in the browser (AES-256-GCM, fresh IV) and sent to the database as ciphertext. Reading = fetching the ciphertext and decrypting locally.

PASSmap vs. mainstream

Honestly: where we win, where others do

We compare ourselves with 1Password, Bitwarden, LastPass, Dashlane and Keeper — no marketing fluff. We also show our deliberate trade-offs.

Where PASSmap wins

  • Argon2id instead of PBKDF2

    Bitwarden and 1Password still use PBKDF2 (vulnerable to GPU/ASIC attacks). We use Argon2id — recommended by OWASP since 2021 as the new standard for password-based key derivation.

  • No account recovery mechanism

    1Password has Secret Key + recovery codes, Dashlane and LastPass allow support-based reset — extra attack vectors. With us, the master password never leaves your browser. Forget it = data is gone. That's a feature, not a bug.

  • Per-node encryption, not per-vault

    Mainstream encrypts the whole vault with one key — a leak means the entire dataset is brute-forceable offline. Each of our tree nodes has its own derived key, so any compromise stays granular.

  • Full audit log from day one

    Every login, vault unlock, 2FA toggle, key export — logged with IP and user-agent. Visible in the Activity panel. Mainstream often hides this behind Business plans.

  • Strict CSP + zero telemetry

    A strict Content Security Policy blocks third-party scripts. No trackers, no third-party analytics, no fingerprinting. Your session is a black box.

Where we are “worse” — and why it's a deliberate choice

  • No browser extension

    Most major incidents (LastPass 2022, Bitwarden phishing iframe 2024) went through the extension. No plugin = less convenience, but eliminates an entire class of attacks: malicious updates, code injection, side-channel leaks.

  • No native autofill

    Autofill gets tricked by hidden form fields and clickjacking. Manual copy with auto-clearing clipboard after 30 s is slower but eliminates silent leaks to malicious pages.

  • No desktop / mobile apps

    Native apps require trusting binaries, app stores (App Store, Play) and the OS. A browser PWA has a smaller attack surface and works the same everywhere — no extra updates to verify.

  • No password sharing between users

    Sharing requires either public-key exchange (complex UX) or server-side mediation (breaks zero-knowledge). We chose zero-knowledge without compromise. Sharing will land only when we can do it fully E2E.

  • Younger project — no third-party audit yet

    1Password and Bitwarden have SOC 2 and crypto audits. We don't — yet. But our entire crypto code is open for inspection, built on standard primitives (WebCrypto, libsodium-style), with no homemade algorithms.

Comparison matrix

Feature                       PASSmap                        1Password / Bitwarden / LastPass
Key derivation algorithm      Argon2id (OWASP 2021+)         PBKDF2-SHA256
Master password reset         Impossible (zero-knowledge)    Often possible via support / recovery code
Encryption granularity        Per-node, derived key          Per-vault, single key
Browser extension             None (deliberate)              Yes — attack vector
Telemetry / trackers          Zero                           Analytics, crash reports
Full audit log                Standard, on every plan        Business plans only
Structure visualization       Mind-map / tree                Flat list + folders

We chose security and transparency over convenience. If you want one-click autofill — mainstream is for you. If you want to know exactly where and how your passwords live — you're in the right place.

Pricing

Pick the plan that fits.

You pay for what you use — no hidden fees, no ads, no data selling. Longer commitment, lower price.

Starting soon — join the list, we'll let you know

Starting soon

We're getting ready to launch. Leave your email and we'll notify you the moment you can create an account.

1 month

For short-term needs.

$7.99/mo
$7.99 · monthly
  • Unlimited nodes and projects
  • Zero-knowledge AES-256-GCM
  • Mandatory 2FA + recovery key
  • Cross-device sync
  • JSON import / export
  • All future features included

3 months

An easy way to test it out.

$6.66/mo
$19.99 · every 3 months
save 17%
  • Unlimited nodes and projects
  • Zero-knowledge AES-256-GCM
  • Mandatory 2FA + recovery key
  • Cross-device sync
  • JSON import / export
  • All future features included

Most popular

1 year

Best price-to-value ratio.

$5.00/mo
$59.99 · yearly
save 37%
  • Unlimited nodes and projects
  • Zero-knowledge AES-256-GCM
  • Mandatory 2FA + recovery key
  • Cross-device sync
  • JSON import / export
  • All future features included

Best value

Lifetime

Pay once, use forever.

$269.00
one-time · once, forever
  • Unlimited nodes and projects
  • Zero-knowledge AES-256-GCM
  • Mandatory 2FA + recovery key
  • Cross-device sync
  • JSON import / export
  • All future features included

Ready for secure order?

Create an account in 30 seconds. Your data is encrypted from the first click.

Create an account