PIN-derived encryption
Your vault key is derived from a 4-digit PIN with PBKDF2-SHA256 at 200,000 iterations. Without your PIN, the data in the database is noise.
AES-256 with a key derived from your PIN via PBKDF2 (200,000 iterations). Passwords, cards, notes, files and 2FA — every secret encrypted on your device. Without your PIN, neither we nor anyone else can decrypt your data.
A single vault for your logins, your 2FA, your cards, your sensitive files — and who gets access if something happens to you.
Your vault key is derived from a 4-digit PIN with PBKDF2-SHA256 at 200,000 iterations. Without your PIN, the data in the database is noise.
Every password, card or note has its own key wrapped with your vault key. A server leak exposes nothing in clear.
Generate and store TOTP codes by scanning a QR. Replaces Google Authenticator and you never lose your codes when changing phones.
Up to 5 trusted people can request access to your vault. With a configurable waiting period (e.g. 7 days) so you can deny.
We cross-check your passwords against public breach databases. We email you if any appears. On Pro, in real time.
Store PDFs, deeds, ID photos or sensitive backups. All encrypted with the same vault key. Your Drive stays yours.
Instant email every time your vault is unlocked: IP, location, browser. Recognise the access — or cut it off in one click.
Lost your phone? One click and every active session is invalidated instantly. Your encrypted cookies stop working.
When you create the PIN we give you a unique code. If you forget the PIN, you use it to unlock without losing a single data point. Print it and keep it safe.
Passwords and passphrases with real randomness from the browser. Works offline. Your preferences stay local.
iOS, Android, Windows, macOS, Linux. Once installed it feels like a native app — no browser chrome.
Sign in with Google, Apple or a 6-digit email code. One less layer to remember, one less layer to leak.
Each password, card or note has its own encryption key, wrapped with your vault key. A hypothetical DB leak exposes nothing in clear.
The PIN is hashed before storage. Even if someone accesses the DB, they cannot recover your PIN or brute-force it in reasonable time.
5 failed attempts per minute per IP+user. Online brute force gives up before it starts.
Your persistent session cookie is encrypted and signed. Stealing it does not open your vault — your PIN is still required.
Centralise every personal login — from Netflix to your bank — and stop reusing passwords. Generator and 2FA in the same place.
Designate your partner, parents or siblings as emergency contacts. If something happens to you they can access after the waiting period you set.
Client logins, API keys, company cards, IBAN and invoices — all in one vault. No more WhatsApp shares or iCloud notes.
Each member with their own vault and cross-custody via emergency contacts. No admin panels that invite disaster.
With icon, autofill, built-in generator and breach check.
Scan a QR and store the TOTP secret. Replaces Google Authenticator.
Number, expiry, CVC and holder. Encrypted the same as passwords.
IBAN, holder, ID, branch phone. No more Google Drive.
Rich text and documents. Mark any item as secret.
Start free. Upgrade when you need to. Cancel anytime.
Start protecting your passwords safely and easily
Complete protection for your digital life on all your devices
Total control and advanced protection of your digital security
Secure payments · Cancel anytime · No commitments
After years using 1Password I switched to Medel Vault and I don't miss anything. Zero-knowledge encryption gives me the peace of mind I need, and the interface is much cleaner.
The password generator and anti-HIBP scan are just what my team needed. I recommend it to all devs.
Finally a manager I understand. The 4-digit PIN makes opening the vault a snap and the emergency contacts give me peace of mind.