Jou wagwoorde, jou beheer.

Een grootboek, agt identiteite

Elke sensitiewe veld geënkripteer met AES-256-GCM, met sy eie ewekansige IV.

Geen tweede app nodig nie

Skandeer om te stoor. AutoFill vul die 6-syfer kode saam met die wagwoord in.

'n Sterk een, in 'n sekonde

Ewekansige string of EFF-woordelysfrase. Lewendige entropie-meter.

FIDO2 / WebAuthn

Plaaslik gegenereer en gestoor. Privaatsleutel verlaat nooit die toestel in plaintext nie.

HIBP · k-anonymity

Slegs die eerste 5 karakters van die SHA-1 hash verlaat die toestel. Jou wagwoord nooit nie.

Safari · apps · sleutelbord — een stap

Stelselvlak AutoFill-uitbreiding. Face ID bevestig; kodes word ook ingevul.

End-to-end · opsioneel

Gerig deur Apple se private CloudKit. Sensitiewe velde word op die toestel geënkripteer voor oplaai — slegs syferteks beweeg tussen toestelle.

Joune om te hou, enige tyd

1Password · Bitwarden · LastPass · KeePass · Dashlane · Apple Keychain. Drie uitvoerformate: JSON / CSV / 1PUX.

Verkeerd geredigeer? Per ongeluk geskrap? Herwinbaar.

Elke wagwoordverandering stoor die vorige waarde — tot 5 geskiedenisweergawes gehou, een-tik terugrol. Geskrapte items gaan na die Asblik.

Knipbord tel af. App sluit homself.

Plakbord maak outomaties skoon oor 5 voorinstellings (15-90s); voorgrond / agtergrond outo-sluit afsonderlik instelbaar.

Tik vanaf die slotskerm, wagwoord is daar

Twee widgets: vinnige kluistoegang + onmiddellike wagwoordgenereerder.

Codes, without juggling two apps.

Scan to save — every 2FA in one place. The detail page shows the live code with a countdown ring; long-press to copy. With AutoFill, the code goes in along with username and password.

• RFC 6238 TOTP, 6/8 digits · SHA-1 / 256 / 512 HMAC
• iCloud cross-device sync (E2E encrypted, Premium)
• Three export formats: JSON / CSV (plaintext) + encrypted .bytegx

You can only fix what you can see.

Backed by Have I Been Pwned with the k-anonymity protocol — only the first 5 chars of the SHA-1 hash ever leave the device. Every weakness comes with a concrete next step.

• Detects leaked / weak / reused / outdated
• HIBP k-anonymity (SHA-1 prefix-5); plaintext never sent
• One tap jumps to the entry to replace

Private keys never leave the device.

WebAuthn / FIDO2 standard. ES256 (ECDSA P-256, COSE alg -7). Private keys are AES-256-GCM encrypted with the Item Key — plaintext never written to disk. AutoFillExtension handles registration and assertion via the Apple system bridge.

• ES256 (ECDSA P-256, COSE -7)
• AutoFill Extension handles registration + assertion
• iCloud E2E encrypted sync (Premium)

Every digital identity, in one place.

Top 10 / All / Favorites / Logins multi-view; live filtered search. All eight DataType cases run the full field-level encryption pipeline — not a 'password app', but a digital-identity ledger.

• 8 types: login / card / API key / identity / note / license / passkey / OAuth token
• Each entry gets its own AES-256-GCM key; plaintext never leaves the device
• Local-first; optional iCloud end-to-end encrypted sync

Codes, without juggling two apps.

Scan to save — every 2FA in one place. The detail page shows the live code with a countdown ring; long-press to copy. With AutoFill, the code goes in along with username and password.

• RFC 6238 TOTP, 6/8 digits · SHA-1 / 256 / 512 HMAC
• iCloud cross-device sync (E2E encrypted, Premium)
• Three export formats: JSON / CSV (plaintext) + encrypted .bytegx

One entry — every field at once.

Login detail: username, password, history, linked TOTP, website, custom fields. Each sensitive field independently decrypted with its own IV, shown only on demand. Copy auto-clears the clipboard.

• Each sensitive field independently AES-256-GCM encrypted with its own IV
• TOTP / Passkey two-way linking shown together
• Copy auto-clears clipboard (5 presets)

Made a typo? Deleted by mistake? Recoverable.

Every change saves the previous value (spec:R3 — up to 5 versions kept); tap the timeline to restore. Deleted items are retained for 90 days before permanent removal.

• Up to 5 history versions kept
• Four source markers: manual / AutoFill / imported / sync
• Deleted items retained 90 days

You can only fix what you can see.

Backed by Have I Been Pwned with the k-anonymity protocol — only the first 5 chars of the SHA-1 hash ever leave the device. Every weakness comes with a concrete next step.

• Detects leaked / weak / reused / outdated
• HIBP k-anonymity (SHA-1 prefix-5); plaintext never sent
• One tap jumps to the entry to replace

A strong one — in one second.

Random (4-64 chars / exclude look-alikes / digits-only for PIN) or EFF passphrase, with live entropy meter. Replaces the old value and records the change in history.

• Two modes: random (incl. PIN) + EFF passphrase
• Apple system CSPRNG (Swift Int.random + SecRandomCopyBytes)
• Live entropy meter and strength indicator

Tap in Safari, and the password fills itself.

AutoFill Extension uses Apple's official ASCredentialProviderViewController; after Face ID / Touch ID, the username, password and TOTP all go in together. Info.plist also declares SupportsSavePasswordCredentials, so new passwords save back to ByteGuard from any flow.

• ASCredentialProviderViewController, system-level credential provider
• Safari + third-party apps, all flows covered
• Unlock via Face ID / Touch ID; TOTP delivered in the same step

Private keys never leave the device.

WebAuthn / FIDO2 standard. ES256 (ECDSA P-256, COSE alg -7). Private keys are AES-256-GCM encrypted with the Item Key — plaintext never written to disk. AutoFillExtension handles registration and assertion via the Apple system bridge.

• ES256 (ECDSA P-256, COSE -7)
• AutoFill Extension handles registration + assertion
• iCloud E2E encrypted sync (Premium)

PAN encrypted, CVV never stored.

Card number (PAN) gets its own AES-256-GCM key with a unique IV. Cardholder name, expiry, brand (Visa / Mastercard / etc.) stay searchable as metadata. CVV/CVC are never persisted on this device.

• PAN encrypted; BIN (first 4-6) / last 4 shown in plaintext
• CVV/CVC never persisted on device
• Cardholder / expiry / brand / billing-address metadata

Dark / Light / System.

AppearanceMode three modes: system / light / dark — switch any time, no restart. Premium tier unlocks multi-color themes; Home Screen widgets stay in sync.

• AppearanceMode three modes: system / light / dark
• Multi-color themes (Premium)
• Home Screen widgets follow theme

Argon2id sleutelafleiding

wagwoord + Secret Key + 32B sout → Master Key. Parameters: 64 MB geheue · 3 iterasies. Bestand teen GPU/ASIC-aanvalle.

HKDF-SHA256 sleutelhiërargie

Master Key → KEK → ewekansige DEK. Elke kluis kry sy eie DEK — geen horisontale ontsleutelingspad nie.

Veldvlak AES-256-GCM

Elke sensitiewe veld onafhanklik geënkripteer · nuwe ewekansige IV by elke skryfaksie. Selfde plaintext → verskillende syferteks.

128-bit Secret Key

'n Ewekansige sleutel ('n 12-woord BIP39 mnemoniek in vorm), onafhanklik van die hoofwagwoord. Selfs as die hoofwagwoord uitlek, kan dit nie ontsleutel word nie.

Field-level AES-256-GCM

Every sensitive field encrypted independently, with its own random IV.

Argon2id key derivation

64 MB memory × 3 iterations — resistant to GPU/ASIC brute force.

128-bit Secret Key

A random key independent of the master password — your second line of defense.

Full offline mode

iCloud sync can be turned off in one tap; the app falls back to pure local storage.

HIBP k-anonymity lookup

Only the first 5 chars of the SHA-1 hash are sent — your password never leaves the device.

Native system integration

AutoFill, Passkey, and TOTP all use Apple's official APIs. No reinvented wheels.

Zero third-party SDKs

No analytics. No tracking. No ads. No crash reporters.

No web app or browser extension

XSS, extension supply-chain attacks, CDN takeovers — that surface is excluded by architecture, not policy.

No Android or Windows builds

Each platform means re-implementing the crypto primitives correctly. Get one line wrong and the whole chain breaks.

No team or enterprise sharing

Sharing is trust delegation — I'm still working out how to do it right. Until I am, I won't ship it.

No self-hosting option

Under zero-knowledge, self-hosting just shifts the operational burden to you with no real security gain.

No third-party audit yet

Honestly: I haven't paid for one yet. The /security page documents every crypto decision against the source so anyone can verify independently. Independent audit + open-sourcing the crypto core are both on the 2026 roadmap — follow the GitHub repo to be notified when they land.

No "recover master password" path

If I could recover it, it wouldn't be zero-knowledge. The most reliable backup is still old-school: write your master password and Secret Key on paper and store them apart.

No aggressive release cadence

Crypto-related changes will move very conservatively. Stability over novelty.

Wie is jy? Hoekom moet ek jou met my wagwoorde vertrou?

Ek is 'n indie-ontwikkelaar. ByteGuard is deur my alleen geskryf — geen span, geen befondsing, geen derdeparty sekuriteitsoorsig. Kode antwoord — lees die witskrif, inspekteer GitHub, en toets of dit by jou behoeftes pas. Vertroue moet op die sigbare gebaseer wees, nie op handelsmerk nie.

Wat as ek my hoofwagwoord vergeet?

Ek kan dit nie herstel nie. Dit is die prys van zero-knowledge: ek kan nie terugstel wat ek nooit geweet het nie. Gebruik Face ID / Touch ID daagliks, en stel noodherstel op — skryf jou Secret Key en hoofwagwoord op 'n veilige plek neer.

Wat as ek my Secret Key verloor?

Dit hang af of jy iCloud Keychain-sinchronisasie vir jou Secret Key geaktiveer het. Indien wel, is dit in Apple se end-to-end geënkripteerde Keychain en kan vanaf 'n ander Apple-toestel herstel word. Indien nie, het jy die geskrewe rugsteun nodig.

Is iCloud-sinchronisasie regtig veilig? Kan Apple niks sien nie?

Alle sensitiewe velde word met AES-256-GCM geënkripteer voordat hulle ooit die toestel verlaat. iCloud ontvang slegs syferteks. Selfs as jou Apple-rekening gekompromitteer word, kan dit nie ontsleutel word sonder jou hoofwagwoord nie.

Hoekom geen Android / Windows / Web nie?

Twee redes. Een persoon kan net soveel kode onderhou, en kruisplatform beteken om die kripto-kern oor en oor te herimplementeer — elke platform is nog 'n aanvalsoppervlak. Diepte in die Apple-ekosisteem bo wydte gekies.

Is dit moeilik om vanaf 1Password / Bitwarden oor te skakel?

Direkte invoer vanaf 1Password / Bitwarden / LastPass / KeePass / Dashlane / Apple Keychain uitvoerlêers. Gewoonlik 'n paar minute. Sien die gedetailleerde invoergids binne die app.

Sal pryse styg? Sal die lewenslange vlak in 'n intekening verander?

$9.99 lewenslank is permanent en sluit alle toekomstige opdaterings in. As 'n 'premium subscription' vlak ooit bygevoeg word, sal jou lewenslange status nie geraak word nie — dit is die belofte.