Android

This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data.

The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password authenticator.

The project covers a broad range of security and access capabilities, including biometric vault unlocking, multi-factor authentication, and secure credential generation. It supports organizational vault management with permission-based secret sharing and integrates with corporate identity providers via single sign-on and directory services.

Additional features include data breach monitoring, encrypted file attachments, and emergency account recovery mechanisms.

Features

Password Management - Provides a secure system for storing, organizing, and synchronizing encrypted usernames and passwords across devices.
End-to-End Encryption - Uses zero-knowledge end-to-end encryption to ensure only the user can decrypt their stored credentials.
Zero-Knowledge Vaults - Uses zero-knowledge end-to-end encryption to ensure that only the user can decrypt and access their credential vault.
Password Managers - Provides a secure, encrypted vault for storing and organizing login credentials across multiple devices.
TOTP Authentication Systems - Generates TOTP codes for two-step login by scanning QR codes or manually entering secret keys.
Password Manager Applications - Provides a comprehensive Android application for storing and synchronizing encrypted login credentials and secure notes.
Account Recovery - Provides mechanisms to reset master passwords or disconnect two-step login to restore account access.
Alternative Authentication Methods - Enables flexible login options via device approval, passkeys, or SSO to reduce reliance on master passwords.
Authentication Login Handlers - Implements a secure login flow requiring multiple forms of verification to prevent unauthorized vault access.
Biometric Authentication - Employs fingerprint and face recognition to provide rapid and secure access to the encrypted vault.
Autofill Integrations - Populates usernames and passwords into application and website login fields to eliminate manual entry.
Biometric Unlocking - Employs fingerprint or face recognition to provide rapid, secure access to the encrypted vault.
Encrypted Storage - Provides an encrypted vault to centralize the storage of API keys, database credentials, and certificates.
Encrypted Storage Vaults - Utilizes an encrypted storage vault to protect passwords, secure notes, and sensitive identity profiles.
Credential Security and Utilities - Creates and securely stores strong passwords and cryptographic passkeys across multiple synchronized devices.
Credential Storage - Provides secure storage for passwords, credit cards, and notes that synchronizes across multiple user devices.
Directory Service Integrations - Integrates with external directory services and single sign-on to manage user authentication.
Identity Provider Integrations - Connects to external identity providers to enable authentication using corporate credentials.
Multi-Factor Authentication - Protects the encrypted vault using multi-factor authentication and secondary verification methods.
Enterprise SSO Authentication - Validates user identities using external enterprise identity providers to grant account access.
One-Time Passwords - Produces time-based one-time passwords for two-step verification during the login process for third-party applications.
OpenID Connect Support - Authenticates users via SAML 2.0 and OpenID Connect to leverage corporate identity providers.
Organizational Resource Ownership - Establishes organizational control over credentials to ensure secure collaboration and asset recovery.
Passkey Authentication - Provides support for passwordless authentication using cryptographic passkeys for secure access to services.
Vault Decryption - Allows users to decrypt their credential vault using WebAuthn compatible hardware keys or passkeys.
Secure Multi-Device Synchronization - Synchronizes phishing-resistant passkey credentials across multiple user devices using encrypted protocols.
Password Generators - Generates high-entropy, unique usernames and passwords to prevent credential reuse and improve account security.
Credential Management Tools - Provides a secure environment for storing and managing passwords, API keys, and other technical machine credentials.
Two-Factor Authentication - Generates time-based one-time passwords directly within the vault for integrated two-factor authentication.
Organizational Data Ownership - Shifts ownership of vault items from individual users to the organization to ensure centralized control.
OS-Integrated Autofill Fields - Integrates with the Android system to automatically populate credentials into mobile app and browser login fields.
Vault Item Distribution - Distributes specific credentials or collections of items among individuals, family members, or organizational teams.
Organization-Based Access Management - Organizes vault data and users into collections and groups with specific roles and permissions.
Organization Member Administrations - Provides programmatic tools to administer organization members, collections, groups, and security policies.
Secure File Sharing - Distributes sensitive documents and information to specific recipients using encrypted sharing links.
Credential Migration Tools - Provides utilities to bulk import passwords and vault information from external management systems and browsers.
Organizational Credential Distribution - Transfers item ownership to an organization and assigns it to collections to control member access.
Permission-Based Secret Sharing - Distributes credentials across users and organizations using a permission model to control secret access.
Access Auditing - Tracks vault usage through event logs to identify security risks and enforce least-privilege access.
Audit Logs - Provides detailed event logs and monitoring for weak or reused passwords to audit data access.
Corporate Directory Synchronizations - Connects to corporate directories to automate the management of user accounts and access permissions.
Credential Analysis - Provides historical reporting to track credential exposure and remediation progress over time.
Credential Health Audits - Automatically detects weak, reused, or exposed credentials to ensure adherence to security best practices.
Immediate Page-Load Population - Automatically populates login fields as soon as a page loads to eliminate manual user interaction.
URI Matching Logic - Defines how website URLs match stored credentials to ensure consistent and secure autofill behavior.
Credential Monitoring Services - Continuously monitors for compromised passwords via breach alerts and detects unauthorized usage.
Dark Web Monitoring - Scans underground forums and data leaks to alert users when credentials appear on the dark web.
Credential Vaults - Moves passwords and secrets from web browsers or other password managers into a centralized secure vault.
Vault Backups - Allows users to export their encrypted vault contents into a secure file for backup purposes.
Breach Monitoring - Monitors email addresses and credentials against known breach databases to alert users of exposure.
Password Access Restrictions - Restricts access to shared content using passwords, email verification, and expiration dates.
Multifactor Encryption - Adds additional cryptographic layers to stored information to protect data even if the primary vault is compromised.
Encryption Key Management - Generates new random encryption keys and re-encrypts all vault data after a suspected compromise.
Encrypted Secret Sharing - Distributes credentials via shared collections or transmits encrypted text and files to external parties.
Granular Access Controls - Defines precise permissions to restrict which users or groups can view or edit credentials.
Granular Permission Systems - Provides a framework for defining complex, role-based authorization structures and granular permissions for specialized tasks.
Credential Lifecycle Management - Manages the operational aspects of credentials, including ownership reassignment during employee transitions to prevent data loss.
Credential Security - Analyzes access patterns to proactively identify and fix vulnerabilities in credential usage.
Credential Sharing - Creates shared vaults for partners or family members to grant and revoke access to credentials.
Family Vault Sharing - Sets up a shared secure vault allowing family members to access common logins and information.
SCIM Provisioning - Automates user account creation and group synchronization using the SCIM protocol.
Organizational Structure Management - Configures and distributes secure password vaulting tools across a corporate hierarchical structure.
User Role Management - Defines and assigns member roles to control available actions and permissions within an organization.
Automated Login Flows - Automatically fills and submits login forms when users access approved applications from an identity provider dashboard.
Automated Login Policies - Implements single sign-on policies to enable one-click automated logins for web-based applications.
Identity Orchestration - Streamlines deployment and user management by connecting SSO providers, directory services, and SIEM tools.
Passwordless Vault Access - Provides access to the secure vault through SSO providers without requiring a master password.
SSO Enforcement Policies - Forces members to authenticate via a corporate identity provider instead of using standard login credentials.
User Synchronization - Imports users and groups from external directory services to maintain organizational membership.
Message Encryption - Transmits text, files, and links through a secure, encrypted channel to recipients.
Encrypted File Sharing - Transmits encrypted text and files to any recipient via a secure, randomly generated link.
Organizational Vault Administration - Centralizes ownership of credentials and enforces policies to generate reports and control shared items.
Organizational Vault Management - Centralizes credential storage for businesses with administrative tools for ownership, policies, and security reporting.
Implementation SDKs - Provides a dedicated SDK for developers to build FIDO2-based passkey features into mobile applications.
Passkey Sharing - Distributes passkeys among authorized users to enable secure, collaborative access to shared accounts.
Password Policies - Enforces minimum length and complexity requirements for master passwords to ensure vault security.
Temporary Link Passwords - Shares encrypted text or files via secure temporary links with defined expiration timers.
Strength Analyzers - Analyzes existing passwords to estimate brute-force resistance and suggests stronger replacements.
Password Manager Integrations - Implements connectors to import vault data and credentials from other external password management services.
Password Trend Analysis - Calculates the estimated time required to crack passwords to determine their cryptographic strength.
Programmatic Access Control - Offers programmatic interfaces for retrieving and managing credentials stored within the secure vault.
Role-Based Access Control - Manages user permissions by assigning specific roles and access levels to individuals and groups.
SCIM Provisioning - Automates user lifecycle and group membership management using standard SCIM protocols.
Secret Encryption - Transmits sensitive information to other users through a secure, encrypted channel.
Secrets Management - Provides a multi-language SDK for programmatically managing and retrieving secrets within custom applications.
Vault Health Analysis - Runs local reports to identify security risks like weak passwords without decrypting data on a server.
Passphrase Generation - Creates complex, randomized strings of words and characters based on custom length and separator preferences.
Secret Access Policies - Defines governance rules to control which employees or machine agents can access specific credentials based on scopes.
CLI Secret Management - Provides a command-line interface for accessing and managing the secure credential vault.
Single Sign-On Integrations - Integrates with corporate identity providers and directory services via SSO for automated user provisioning.
Mandatory MFA Enforcement - Forces organization members to enable a second authentication factor to ensure secure vault access.
User Access Restoration - Resets a member's master password or two-step login methods via administrator action and recovery link.
External User Provisioning - Automatically creates local user accounts based on data retrieved from corporate identity providers.
Administrative CLI Interfaces - Offers a terminal-based interface for the comprehensive administration of vault contents.
Vault Ownership Transfers - Allows a trusted contact to replace the account master password and gain full control of the vault.
Secret Injection Tools - Retrieves and injects secure secrets into environments using a dedicated command-line tool.
Credential Access Monitoring - Generates detailed event logs and vulnerability reports to monitor password strength and data access.
Emergency Access Delegation - Grants designated trusted users access to a vault in the event of an account lockout.
Vault Health Monitoring - Generates reports and audits to identify credential vulnerabilities and ensure alignment with security best practices.
Security And Privacy - Password management and vault synchronization.

bitwarden/server

18,074View on GitHub

This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut

bitwarden/clients

13,114View on GitHub

This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments. The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.

teamhanko/hanko

8,801View on GitHub

Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.

Kunzisoft/KeePassDX

6,359View on GitHub

KeePassDX is an Android password manager that opens, edits, and stores encrypted credential databases using the open KeePass 2.x file format. It keeps all password data stored locally on the device without requiring cloud sync or internet access, and supports multiple symmetric-key encryption algorithms including AES, Twofish, and ChaCha20 with Argon2 key derivation. The app unlocks the credential database by delegating authentication to the platform's biometric API, allowing users to bypass the master password entry using fingerprint or face recognition. It generates one-time passwords local

bitwardenandroid

Features

Open-source alternatives to Android

bitwarden/server

bitwarden/clients

teamhanko/hanko

Kunzisoft/KeePassDX

Star history

Open-source alternatives to Android

bitwarden/server

bitwarden/clients

teamhanko/hanko

Kunzisoft/KeePassDX