Dine adgangskoder, din kontrol.

Beskyt dine adgangskoder, adgangsnøgler, 2FA og bankkort med AES-256-GCM-kryptering. Lokalt først, valgfri iCloud-synkronisering.

Built on modern iOS primitives

§ 01 · Én protokol

Én protokol, kun din. Ingen tredje kopi, nogen steder.

Ikke en 'adgangskode-app' — en krypteret protokol, der samler enhver digital identitet ét sted. Alle otte typer poster går gennem den samme krypteringspipeline på feltniveau.

// 01 · 8 item types

One ledger, eight identities

Every sensitive field encrypted with AES-256-GCM, with its own random IV.

// 02 · TOTP

No second app needed

Scan to save. AutoFill fills the 6-digit code along with the password.

// 03 · Generator

A strong one, in a second

Random string or EFF wordlist phrase. Live entropy meter.

// 04 · Passkey

FIDO2 / WebAuthn

Generated and stored locally. Private key never leaves the device in plaintext.

// 05 · Security report

HIBP · k-anonymity

Only the first 5 chars of the SHA-1 hash leave the device. Your password never does.

// 06 · AutoFill

Safari · apps · keyboard — one step

System-level AutoFill extension. Face ID confirms; codes get filled in too.

// 07 · iCloud sync

End-to-end · optional

Routed via Apple's private CloudKit. Sensitive fields are encrypted on-device before upload — only ciphertext reaches the server. Toggle off anytime to go fully local.

// 08 · Import / export

Yours to keep, anytime

1Password · Bitwarden · LastPass · KeePass · Dashlane · Apple Keychain. Three export formats: JSON / CSV (plaintext) + encrypted .bytegx.

// 09 · Mistake-proof

Edited wrong? Deleted by accident? Recoverable.

Every password change saves the previous value — up to 5 history versions kept, one-tap rollback. Deleted items go to a recycle bin and clear after the retention window.

// 10 · Auto-clear, always

Clipboard counts down. App locks itself.

Pasteboard auto-clears after a configurable delay; foreground / background auto-lock timers can be set separately.

// 11 · Home Screen reach

Tap from the lock screen, password's there

Two widgets: quick vault access + on-the-fly password generator.

§ 04 · Det hårde sikkerhedssæt

Tre ting jeg nægtede at gå på kompromis med

Indbygget TOTP, sikkerhedsaudit på enheden og Passkeys — de tre steder, hvor ByteGuard tydeligst overgår den gennemsnitlige adgangskode-manager.

SPECIMEN · 002 · TOTP

Codes, without juggling two apps.

Scan to save — every 2FA in one place. The detail page shows the live code with a countdown ring; long-press to copy. With AutoFill, the code goes in along with username and password.

RFC 6238 TOTP, 6/8 digits · SHA-1 / 256 / 512 HMAC
iCloud cross-device sync (E2E encrypted, Premium)
Three export formats: JSON / CSV (plaintext) + encrypted .bytegx

SPECIMEN · 005 · SECURITY REPORT

You can only fix what you can see.

Backed by Have I Been Pwned with the k-anonymity protocol — only the first 5 chars of the SHA-1 hash ever leave the device. Every weakness comes with a concrete next step.

Detects leaked / weak / reused / outdated
HIBP k-anonymity (SHA-1 prefix-5); plaintext never sent
One tap jumps to the entry to replace

SPECIMEN · 008 · PASSKEYS

Private keys never leave the device.

WebAuthn / FIDO2 standard. ES256 (ECDSA P-256, COSE alg -7). Private keys are AES-256-GCM encrypted with the Item Key — plaintext never written to disk. AutoFillExtension handles registration and assertion via the Apple system bridge.

ES256 (ECDSA P-256, COSE -7)
AutoFill Extension handles registration + assertion
iCloud E2E encrypted sync (Premium)

§ 05 · Skærmbilleder taler

Sådan ser den faktisk ud

Ti skærme, i scenarierækkefølge — hele appen vist igennem. Ingen marketingtekst.

SPECIMEN · 001 · VAULT

Every digital identity, in one place.

Top 10 / All / Favorites / Logins multi-view; live filtered search. All eight DataType cases run the full field-level encryption pipeline — not a 'password app', but a digital-identity ledger.

8 types: login / card / API key / identity / note / license / passkey / OAuth token
Each entry gets its own AES-256-GCM key; plaintext never leaves the device
Local-first; optional iCloud end-to-end encrypted sync

SPECIMEN · 002 · TOTP

Codes, without juggling two apps.

Scan to save — every 2FA in one place. The detail page shows the live code with a countdown ring; long-press to copy. With AutoFill, the code goes in along with username and password.

RFC 6238 TOTP, 6/8 digits · SHA-1 / 256 / 512 HMAC
iCloud cross-device sync (E2E encrypted, Premium)
Three export formats: JSON / CSV (plaintext) + encrypted .bytegx

SPECIMEN · 003 · DETAIL

One entry — every field at once.

Login detail: username, password, history, linked TOTP, website, custom fields. Each sensitive field independently decrypted with its own IV, shown only on demand. Copy auto-clears the clipboard.

Each sensitive field independently AES-256-GCM encrypted with its own IV
TOTP / Passkey two-way linking shown together
Copy auto-clears clipboard (5 presets)

SPECIMEN · 004 · PASSWORD HISTORY

Made a typo? Deleted by mistake? Recoverable.

Every change saves the previous value (spec:R3 — up to 5 versions kept); tap the timeline to restore. Deleted items are retained for 90 days before permanent removal.

Up to 5 history versions kept
Four source markers: manual / AutoFill / imported / sync
Deleted items retained 90 days

SPECIMEN · 005 · SECURITY REPORT

You can only fix what you can see.

Backed by Have I Been Pwned with the k-anonymity protocol — only the first 5 chars of the SHA-1 hash ever leave the device. Every weakness comes with a concrete next step.

Detects leaked / weak / reused / outdated
HIBP k-anonymity (SHA-1 prefix-5); plaintext never sent
One tap jumps to the entry to replace

SPECIMEN · 006 · GENERATOR

A strong one — in one second.

Random (4-64 chars / exclude look-alikes / digits-only for PIN) or EFF passphrase, with live entropy meter. Replaces the old value and records the change in history.

Two modes: random (incl. PIN) + EFF passphrase
Apple system CSPRNG (Swift Int.random + SecRandomCopyBytes)
Live entropy meter and strength indicator

SPECIMEN · 007 · AUTOFILL

Tap in Safari, and the password fills itself.

AutoFill Extension uses Apple's official ASCredentialProviderViewController; after Face ID / Touch ID, the username, password and TOTP all go in together. Info.plist also declares SupportsSavePasswordCredentials, so new passwords save back to ByteGuard from any flow.

ASCredentialProviderViewController, system-level credential provider
Safari + third-party apps, all flows covered
Unlock via Face ID / Touch ID; TOTP delivered in the same step

SPECIMEN · 008 · PASSKEYS

Private keys never leave the device.

ES256 (ECDSA P-256, COSE -7)
AutoFill Extension handles registration + assertion
iCloud E2E encrypted sync (Premium)

SPECIMEN · 009 · CARDS

PAN encrypted, CVV never stored.

Card number (PAN) gets its own AES-256-GCM key with a unique IV. Cardholder name, expiry, brand (Visa / Mastercard / etc.) stay searchable as metadata. CVV/CVC are never persisted on this device.

PAN encrypted; BIN (first 4-6) / last 4 shown in plaintext
CVV/CVC never persisted on device
Cardholder / expiry / brand / billing-address metadata

SPECIMEN · 010 · THEME

Dark / Light / System.

AppearanceMode three modes: system / light / dark — switch any time, no restart. Premium tier unlocks multi-color themes; Home Screen widgets stay in sync.

AppearanceMode three modes: system / light / dark
Multi-color themes (Premium)
Home Screen widgets follow theme

§ 02 · Zero-knowledge-arkitektur

Zero-knowledge, i bogstaveligste forstand.

Din masteradgangskode forlader aldrig din enhed. Din Secret Key genereres lokalt og gemmes i Apple Nøglering — synkroniseret på tværs af dine Apple-enheder via Apples end-to-end-krypterede Nøglering (du kan også vælge kun at have den på én enhed). Begge nøgler er nødvendige for at dekryptere dine data, og hverken jeg eller Apple kan læse nogen af dem. Det er ikke et løfte — det er arkitekturen.

Argon2id key derivation

password + Secret Key + 32B salt → Master Key. Parameters: 64 MB memory · 3 iterations. Resistant to GPU/ASIC brute force.

HKDF-SHA256 key hierarchy

Master Key → KEK → random DEK. Each vault gets its own DEK — no horizontal decryption path.

Field-level AES-256-GCM

Every sensitive field encrypted independently · new random IV on every write. Same plaintext → different ciphertext · authenticated tag prevents tampering.

128-bit Secret Key

A random key (a 12-word BIP39 mnemonic in form), independent of the master password. Even if the master password leaks, your vault still cannot be opened without it.

Det er ikke "vil ikke" — det er arkitektonisk "kan ikke".

See, access, or decrypt your stored data
Reset your master password
Recover a vault without your Secret Key
Hand over decrypted data to anyone — by architecture, no party can decrypt without your master password
Plant a backdoor in the encryption flow
Collect analytics or crash reports

§ 03 · An honest list

What I built. What I chose not to.

No competitor table. No checkmarks. Just an indie developer listing — plainly — what I wrote, and what I deliberately didn't. Read it, then decide whether to trust me with your ledger.

— WHAT I BUILT —

Field-level AES-256-GCM

Every sensitive field encrypted independently, with its own random IV.

Argon2id key derivation

64 MB memory × 3 iterations — resistant to GPU/ASIC brute force.

128-bit Secret Key

A random key independent of the master password — your second line of defense.

Full offline mode

iCloud sync can be turned off in one tap; the app falls back to pure local storage.

HIBP k-anonymity lookup

Only the first 5 chars of the SHA-1 hash are sent — your password never leaves the device.

Native system integration

AutoFill, Passkey, and TOTP all use Apple's official APIs. No reinvented wheels.

Zero third-party SDKs

No analytics. No tracking. No ads. No crash reporters.

— WHAT I CHOSE NOT TO —

No web app or browser extension

XSS, extension supply-chain attacks, CDN takeovers — that surface is excluded by architecture, not policy.

No Android or Windows builds

Each platform means re-implementing the crypto primitives correctly. Get one line wrong and the whole chain breaks.

No team or enterprise sharing

Sharing is trust delegation — I'm still working out how to do it right. Until I am, I won't ship it.

No self-hosting option

Under zero-knowledge, self-hosting just shifts the operational burden to you with no real security gain.

No third-party audit yet

Honestly: I haven't paid for one yet. The /security page documents every crypto decision against the source so anyone can verify independently. Independent audit + open-sourcing the crypto core are both on the 2026 roadmap — follow the GitHub repo to be notified when they land.

No "recover master password" path

If I could recover it, it wouldn't be zero-knowledge. The most reliable backup is still old-school: write your master password and Secret Key on paper and store them apart.

No aggressive release cadence

Crypto-related changes will move very conservatively. Stability over novelty.

Pricing

Enkelt. Fair. Dit valg.

Ingen skjulte gebyrer. Abonner månedligt, årligt, eller køb én gang for livet. Al fakturering håndteres af Apple.

§ 04 · FAQ

Om denne app, og personen der byggede den.

Hvem er du? Hvorfor skulle jeg betro dig mine adgangskoder?

Jeg er en uafhængig udvikler. ByteGuard er skrevet af mig alene — ingen team, ingen finansiering, endnu ingen tredjepartssikkerhedsaudit. (Det fortæller jeg ærligt i sektionen ovenfor.) Det eneste, jeg kan love, er selve arkitekturen: din masteradgangskode og Secret Key forlader aldrig din enhed, og der er intet på min server, der kan dekryptere dine data. Hvis den præmis ikke er nok for dig, passer denne app ikke til dig — og det er helt fint.

Hvad hvis jeg glemmer min masteradgangskode?

Jeg kan ikke gendanne den. Det er prisen for zero-knowledge: jeg kan ikke nulstille noget, jeg aldrig har kendt. Brug Face ID / Touch ID til daglig oplåsning, og skriv din masteradgangskode og Secret Key på et stykke papir, som du opbevarer i et pengeskab eller en bankboks. Det lyder 1990'er-agtigt — og det er stadig den mest pålidelige backup, vi har.

Hvad hvis jeg mister min Secret Key?

Det afhænger af, om du har aktiveret iCloud Nøglering-synkronisering for din Secret Key. Hvis iCloud Nøglering-synkronisering er aktiveret (den anbefalede standardopsætning): din Secret Key er end-to-end-krypteret af Apple og synkroniseret på tværs af alle dine Apple-enheder. På en ny enhed logger du blot ind med dit Apple ID, og din Secret Key gendannes automatisk — du skal kun huske din masteradgangskode. Hvis iCloud Nøglering-synkronisering er deaktiveret (maksimal sikkerhed, du beholder begge nøgler selv): Secret Key forlader aldrig den enhed, den blev genereret på. Din eneste backup er den 12-ords gendannelsessætning (BIP39-standard), der vises, da du oprettede vaulten. Skriv den på papir og opbevar den adskilt fra din masteradgangskode. Uden den papirbackup kan Secret Key ikke gendannes på en ny enhed. Uanset hvad: din masteradgangskode er stadig nødvendig for at dekryptere noget — Secret Key alene er ikke nok. Og jeg har aldrig set en eneste bit af nogen af dem: min server indeholder intet, der kan dekryptere dine data, og Apple kan heller ikke læse din Secret Key (den er E2E-krypteret i deres Nøglering-lag).

Er iCloud-synkronisering virkelig sikker? Kan Apple slet ikke se noget?

Alle følsomme felter krypteres med AES-256-GCM, før de overhovedet forlader enheden. iCloud modtager kun chiffertekst; selv jeg har ikke nøglen (nøglen forlader aldrig din enhed). Hvis du hellere vil undgå skyen helt, kan du slå synkronisering fra i indstillingerne — appen falder tilbage til en fuldt lokal tilstand, hvilket er en helt legitim måde at bruge den på.

Hvorfor ikke Android / Windows / web?

To grunde. Én person kan kun vedligeholde så meget kode, og på tværs af platforme betyder det, at krypteringsprimitiver skal genimplementeres korrekt på hver — én forkert linje, og hele kæden brister. Den anden: en webapps angrebsflade (XSS, udvidelses-supply-chain, CDN-overtagelse) er langt større end en native iOS-app. Jeg vil hellere gøre én platform godt end levere noget, der ser omfattende ud, men er ujævnt sikret.

Er det svært at migrere fra 1Password / Bitwarden?

Direkte import fra eksportfiler fra 1Password / Bitwarden / LastPass / KeePass / Dashlane / Apple Nøglering understøttes. Hele importen kører lokalt — intet uploades. Hvis din gamle managers eksportformat giver problemer, så skriv til mig, og jeg tilføjer support.

Stiger prisen? Bliver livstidsversionen til et abonnement?

9,99 $ for livstid er permanent og inkluderer alle fremtidige opdateringer. Hvis et 'premium-abonnement' nogensinde tilføjes (f.eks. dybere sikkerhedsanalyse), bliver det kun abonnement — eksisterende livstidsfunktioner flyttes aldrig bag det. Det er en forpligtelse, jeg er villig til at sætte på denne side.

Download i App Store