Decentralized Credential Manager

Your Keys. Your Vault.
No Central Server.

NodeZero replaces LastPass with hardware-backed encryption, DID-based identity, and a zero-knowledge architecture. No master password. No breach target.

Install for Chrome View on GitHub

~487 KB · Open source · No account required · AGPL-3.0

Features

Everything you need, nothing you don't

Core security is never paywalled. Hardware keys, local encryption, and MFA are free for everyone.

Hardware-Backed Encryption

WebAuthn PRF derives your vault key from a hardware security key. No master password to crack, ever.

DID-Based Identity

Your Ed25519 did:key is your identity. Self-sovereign, portable, and free from any central authority.

Field-Level Encryption

Every field is encrypted individually with AES-GCM and unique random IVs. No single-blob vault.

Cross-Device Sync

Encrypted vault syncs via Cloudflare R2. Per-entry merge with tombstones ensures zero data loss across devices.

One-Click Import

Migrate from LastPass, 1Password, Bitwarden, or Chrome in seconds with drag-and-drop CSV import.

Lightweight & Fast

A ~487 KB browser extension. No desktop app needed. No account required. Install and go.

Security

Built different from the ground up

Traditional password managers store your vault on their servers and protect it with a master password — a single point of failure. NodeZero eliminates both.

Your vault is encrypted locally before it ever leaves your browser. Your DID key never touches a server. There's no central database to breach, no master password to crack, and no recovery backdoor for attackers to exploit.

Read the source on GitHub
Traditional
Vault stored on company servers
Encrypted on Cloudflare R2 — you hold the DID key
Metadata left unencrypted
Field-level AES-GCM encryption per entry
Master password is crackable
WebAuthn PRF-derived key — hardware-bound, no password
Lost device means locked out
12-word mnemonic recovery with slow KDF (~30s brute-force delay)
Account recovery backdoor exists
Delegation VCs — time-limited and revocable
Passkeys bolted on as afterthought
Passkeys are first-class Verifiable Credentials
Requires a heavy desktop app
Lightweight browser extension — zero install friction
How It Works

Three steps to total control

No accounts. No emails. No phone numbers. Just install, secure, and browse.

01

Install & Setup

Install the Chrome extension. Register your passkey or set a vault PIN. Takes under a minute.

02

Secure Your Vault

A 12-word recovery phrase is generated. Verify three words. Your vault is sealed with hardware-grade encryption.

03

Browse with Control

Right-click to fill, generate, or save credentials. No auto-fill surprises. You're always in control.

Pricing

Security shouldn't cost extra

All core security features are free, forever. Premium unlocks collaboration and convenience.

Free

CORE
$0 / forever

Everything you need to replace your password manager. No strings attached.

  • Unlimited passwords & notes
  • WebAuthn PRF & PIN unlock
  • 12-word mnemonic recovery
  • Cross-device sync (100/day)
  • CSV import (4 formats)
  • Context menu actions
  • Auto-lock (10 min idle)
  • 2 MB vault storage
  • Encrypted file attachments
  • Secure credential sharing
  • Security audit report
  • Priority support
Install for Chrome

Premium

PRO
TBD

For power users who need collaboration, attachments, and advanced security.

  • Everything in Free
  • 50 MB vault storage
  • 10,000 syncs/day
  • Encrypted file attachments
  • Secure credential sharing
  • Weak/reused password report
  • Delegation VCs
  • Priority support
Coming Soon

No core security features are paywalled. MFA, hardware keys, and local encryption are 100% free.

Open Source

Transparency is not optional

Every line of encryption code, every sync protocol, every key derivation function — auditable by anyone. Security through transparency, not obscurity.

View Source on GitHub
AGPL-3.0 Licensed
No Telemetry
Zero Central Servers