Dine passord, din kontroll.

Beskytt passordene, tilgangsnøklene, 2FA og bankkortene dine med AES-256-GCM-kryptering. Lokalt først, valgfri iCloud-synkronisering.

ByteGuard home screen ByteGuard authentication screen ByteGuard password detail screen ByteGuard security screen

Built on modern iOS primitives

§ 01 · Ett register

Ett register, bare ditt. Ingen tredje kopi, noe sted.

Ikke en 'passord-app' — et kryptert register som samler hver digitale identitet på ett sted. Alle åtte oppføringstyper går gjennom samme krypteringspipeline på feltnivå.

// 01 · 8 item types

One ledger, eight identities

Every sensitive field encrypted with AES-256-GCM, with its own random IV.

// 02 · TOTP

No second app needed

Scan to save. AutoFill fills the 6-digit code along with the password.

// 03 · Generator

A strong one, in a second

Random string or EFF wordlist phrase. Live entropy meter.

// 04 · Passkey

FIDO2 / WebAuthn

Generated and stored locally. Private key never leaves the device in plaintext.

// 05 · Security report

HIBP · k-anonymity

Only the first 5 chars of the SHA-1 hash leave the device. Your password never does.

// 06 · AutoFill

Safari · apps · keyboard — one step

System-level AutoFill extension. Face ID confirms; codes get filled in too.

// 07 · iCloud sync

End-to-end · optional

Routed via Apple's private CloudKit. Sensitive fields are encrypted on-device before upload — only ciphertext reaches the server. Toggle off anytime to go fully local.

// 08 · Import / export

Yours to keep, anytime

1Password · Bitwarden · LastPass · KeePass · Dashlane · Apple Keychain. Three export formats: JSON / CSV (plaintext) + encrypted .bytegx.

// 09 · Mistake-proof

Edited wrong? Deleted by accident? Recoverable.

Every password change saves the previous value — up to 5 history versions kept, one-tap rollback. Deleted items go to a recycle bin and clear after the retention window.

// 10 · Auto-clear, always

Clipboard counts down. App locks itself.

Pasteboard auto-clears after a configurable delay; foreground / background auto-lock timers can be set separately.

// 11 · Home Screen reach

Tap from the lock screen, password's there

Two widgets: quick vault access + on-the-fly password generator.

§ 04 · Det harde sikkerhetssettet

Tre ting jeg nektet å gå på akkord med

Innebygd TOTP, sikkerhetsrevisjon på enheten og Passkeys — de tre stedene der ByteGuard tydeligst overgår den gjennomsnittlige passordbehandleren.

SPECIMEN · 002 · TOTP

Codes, without juggling two apps.

Scan to save — every 2FA in one place. The detail page shows the live code with a countdown ring; long-press to copy. With AutoFill, the code goes in along with username and password.

  • RFC 6238 TOTP, 6/8 digits · SHA-1 / 256 / 512 HMAC
  • iCloud cross-device sync (E2E encrypted, Premium)
  • Three export formats: JSON / CSV (plaintext) + encrypted .bytegx
SPECIMEN · 005 · SECURITY REPORT

You can only fix what you can see.

Backed by Have I Been Pwned with the k-anonymity protocol — only the first 5 chars of the SHA-1 hash ever leave the device. Every weakness comes with a concrete next step.

  • Detects leaked / weak / reused / outdated
  • HIBP k-anonymity (SHA-1 prefix-5); plaintext never sent
  • One tap jumps to the entry to replace
SPECIMEN · 008 · PASSKEYS

Private keys never leave the device.

WebAuthn / FIDO2 standard. ES256 (ECDSA P-256, COSE alg -7). Private keys are AES-256-GCM encrypted with the Item Key — plaintext never written to disk. AutoFillExtension handles registration and assertion via the Apple system bridge.

  • ES256 (ECDSA P-256, COSE -7)
  • AutoFill Extension handles registration + assertion
  • iCloud E2E encrypted sync (Premium)
§ 05 · Skjermbilder taler

Slik ser den faktisk ut

Ti skjermer, i scenariorekkefølge — hele appen vist gjennom. Ingen markedsføringstekst.

SPECIMEN · 001 · VAULT

Every digital identity, in one place.

Top 10 / All / Favorites / Logins multi-view; live filtered search. All eight DataType cases run the full field-level encryption pipeline — not a 'password app', but a digital-identity ledger.

  • 8 types: login / card / API key / identity / note / license / passkey / OAuth token
  • Each entry gets its own AES-256-GCM key; plaintext never leaves the device
  • Local-first; optional iCloud end-to-end encrypted sync
SPECIMEN · 002 · TOTP

Codes, without juggling two apps.

Scan to save — every 2FA in one place. The detail page shows the live code with a countdown ring; long-press to copy. With AutoFill, the code goes in along with username and password.

  • RFC 6238 TOTP, 6/8 digits · SHA-1 / 256 / 512 HMAC
  • iCloud cross-device sync (E2E encrypted, Premium)
  • Three export formats: JSON / CSV (plaintext) + encrypted .bytegx
SPECIMEN · 003 · DETAIL

One entry — every field at once.

Login detail: username, password, history, linked TOTP, website, custom fields. Each sensitive field independently decrypted with its own IV, shown only on demand. Copy auto-clears the clipboard.

  • Each sensitive field independently AES-256-GCM encrypted with its own IV
  • TOTP / Passkey two-way linking shown together
  • Copy auto-clears clipboard (5 presets)
SPECIMEN · 004 · PASSWORD HISTORY

Made a typo? Deleted by mistake? Recoverable.

Every change saves the previous value (spec:R3 — up to 5 versions kept); tap the timeline to restore. Deleted items are retained for 90 days before permanent removal.

  • Up to 5 history versions kept
  • Four source markers: manual / AutoFill / imported / sync
  • Deleted items retained 90 days
SPECIMEN · 005 · SECURITY REPORT

You can only fix what you can see.

Backed by Have I Been Pwned with the k-anonymity protocol — only the first 5 chars of the SHA-1 hash ever leave the device. Every weakness comes with a concrete next step.

  • Detects leaked / weak / reused / outdated
  • HIBP k-anonymity (SHA-1 prefix-5); plaintext never sent
  • One tap jumps to the entry to replace
SPECIMEN · 006 · GENERATOR

A strong one — in one second.

Random (4-64 chars / exclude look-alikes / digits-only for PIN) or EFF passphrase, with live entropy meter. Replaces the old value and records the change in history.

  • Two modes: random (incl. PIN) + EFF passphrase
  • Apple system CSPRNG (Swift Int.random + SecRandomCopyBytes)
  • Live entropy meter and strength indicator
SPECIMEN · 007 · AUTOFILL

Tap in Safari, and the password fills itself.

AutoFill Extension uses Apple's official ASCredentialProviderViewController; after Face ID / Touch ID, the username, password and TOTP all go in together. Info.plist also declares SupportsSavePasswordCredentials, so new passwords save back to ByteGuard from any flow.

  • ASCredentialProviderViewController, system-level credential provider
  • Safari + third-party apps, all flows covered
  • Unlock via Face ID / Touch ID; TOTP delivered in the same step
SPECIMEN · 008 · PASSKEYS

Private keys never leave the device.

WebAuthn / FIDO2 standard. ES256 (ECDSA P-256, COSE alg -7). Private keys are AES-256-GCM encrypted with the Item Key — plaintext never written to disk. AutoFillExtension handles registration and assertion via the Apple system bridge.

  • ES256 (ECDSA P-256, COSE -7)
  • AutoFill Extension handles registration + assertion
  • iCloud E2E encrypted sync (Premium)
SPECIMEN · 009 · CARDS

PAN encrypted, CVV never stored.

Card number (PAN) gets its own AES-256-GCM key with a unique IV. Cardholder name, expiry, brand (Visa / Mastercard / etc.) stay searchable as metadata. CVV/CVC are never persisted on this device.

  • PAN encrypted; BIN (first 4-6) / last 4 shown in plaintext
  • CVV/CVC never persisted on device
  • Cardholder / expiry / brand / billing-address metadata
SPECIMEN · 010 · THEME

Dark / Light / System.

AppearanceMode three modes: system / light / dark — switch any time, no restart. Premium tier unlocks multi-color themes; Home Screen widgets stay in sync.

  • AppearanceMode three modes: system / light / dark
  • Multi-color themes (Premium)
  • Home Screen widgets follow theme
§ 02 · Zero-knowledge-arkitektur

Zero-knowledge, i bokstavelig forstand.

Hovedpassordet ditt forlater aldri enheten din. Secret Key-en din genereres lokalt og lagres i Apple Nøkkelring — synkronisert på tvers av Apple-enhetene dine via Apples ende-til-ende-krypterte Nøkkelring (du kan også beholde den på én enhet). Begge nøklene er nødvendige for å dekryptere dataene dine, og verken jeg eller Apple kan lese noen av dem. Dette er ikke et løfte — det er arkitekturen.

Argon2id key derivation

password + Secret Key + 32B salt → Master Key. Parameters: 64 MB memory · 3 iterations. Resistant to GPU/ASIC brute force.

HKDF-SHA256 key hierarchy

Master Key → KEK → random DEK. Each vault gets its own DEK — no horizontal decryption path.

Field-level AES-256-GCM

Every sensitive field encrypted independently · new random IV on every write. Same plaintext → different ciphertext · authenticated tag prevents tampering.

128-bit Secret Key

A random key (a 12-word BIP39 mnemonic in form), independent of the master password. Even if the master password leaks, your vault still cannot be opened without it.

Dette er ikke "vil ikke" — det er arkitektonisk "kan ikke".

  • See, access, or decrypt your stored data
  • Reset your master password
  • Recover a vault without your Secret Key
  • Hand over decrypted data to anyone — by architecture, no party can decrypt without your master password
  • Plant a backdoor in the encryption flow
  • Collect analytics or crash reports
§ 03 · An honest list

What I built. What I chose not to.

No competitor table. No checkmarks. Just an indie developer listing — plainly — what I wrote, and what I deliberately didn't. Read it, then decide whether to trust me with your ledger.

— WHAT I BUILT —

Field-level AES-256-GCM

Every sensitive field encrypted independently, with its own random IV.

Argon2id key derivation

64 MB memory × 3 iterations — resistant to GPU/ASIC brute force.

128-bit Secret Key

A random key independent of the master password — your second line of defense.

Full offline mode

iCloud sync can be turned off in one tap; the app falls back to pure local storage.

HIBP k-anonymity lookup

Only the first 5 chars of the SHA-1 hash are sent — your password never leaves the device.

Native system integration

AutoFill, Passkey, and TOTP all use Apple's official APIs. No reinvented wheels.

Zero third-party SDKs

No analytics. No tracking. No ads. No crash reporters.

— WHAT I CHOSE NOT TO —

No web app or browser extension

XSS, extension supply-chain attacks, CDN takeovers — that surface is excluded by architecture, not policy.

No Android or Windows builds

Each platform means re-implementing the crypto primitives correctly. Get one line wrong and the whole chain breaks.

No team or enterprise sharing

Sharing is trust delegation — I'm still working out how to do it right. Until I am, I won't ship it.

No self-hosting option

Under zero-knowledge, self-hosting just shifts the operational burden to you with no real security gain.

No third-party audit yet

Honestly: I haven't paid for one yet. The /security page documents every crypto decision against the source so anyone can verify independently. Independent audit + open-sourcing the crypto core are both on the 2026 roadmap — follow the GitHub repo to be notified when they land.

No "recover master password" path

If I could recover it, it wouldn't be zero-knowledge. The most reliable backup is still old-school: write your master password and Secret Key on paper and store them apart.

No aggressive release cadence

Crypto-related changes will move very conservatively. Stability over novelty.

Pricing

Enkelt. Rettferdig. Du bestemmer.

Ingen skjulte gebyrer. Abonner månedlig, årlig, eller kjøp én gang for livet. All fakturering håndteres av Apple.

§ 04 · FAQ

Om denne appen, og personen som bygde den.

Hvem er du? Hvorfor skulle jeg betro deg passordene mine?

Jeg er en uavhengig utvikler. ByteGuard er skrevet av meg alene — ingen team, ingen finansiering, ingen tredjeparts sikkerhetsrevisjon ennå. (Jeg sier det ærlig i seksjonen over.) Det eneste jeg kan love, er selve arkitekturen: hovedpassordet ditt og Secret Key forlater aldri enheten din, og det er ingenting på serveren min som kan dekryptere dataene dine. Hvis den premissen ikke er nok for deg, passer ikke denne appen for deg — og det er helt greit.

Hva om jeg glemmer hovedpassordet mitt?

Jeg kan ikke gjenopprette det. Det er prisen for zero-knowledge: jeg kan ikke tilbakestille noe jeg aldri har kjent. Bruk Face ID / Touch ID til daglig opplåsing, og skriv hovedpassordet og Secret Key på et papir som du oppbevarer i en safe eller bankboks. Det høres ut som 90-tallet — og det er fortsatt den mest pålitelige sikkerhetskopien vi har.

Hva om jeg mister Secret Key-en min?

Det avhenger av om du har aktivert iCloud Nøkkelring-synkronisering for Secret Key-en. Hvis iCloud Nøkkelring-synkronisering er aktivert (det anbefalte standardoppsettet): Secret Key-en din er ende-til-ende-kryptert av Apple og synkronisert på tvers av alle Apple-enhetene dine. På en ny enhet logger du bare inn med Apple-ID-en din, og Secret Key-en gjenopprettes automatisk — du trenger bare å huske hovedpassordet. Hvis iCloud Nøkkelring-synkronisering er deaktivert (maksimal sikkerhet, du beholder begge nøklene selv): Secret Key forlater aldri enheten den ble generert på. Den eneste sikkerhetskopien er den 12-ords gjenopprettingsfrasen (BIP39-standard) som vises da du opprettet vaulten. Skriv den på papir og oppbevar den adskilt fra hovedpassordet. Uten den papirsikkerhetskopien kan ikke Secret Key gjenopprettes på en ny enhet. Uansett: hovedpassordet kreves fortsatt for å dekryptere noe — Secret Key alene er ikke nok. Og jeg har aldri sett en eneste bit av noen av dem: serveren min inneholder ingenting som kan dekryptere dataene dine, og Apple kan heller ikke lese Secret Key-en din (den er E2E-kryptert i Nøkkelring-laget deres).

Er iCloud-synkronisering virkelig trygg? Kan ikke Apple se noe?

Alle sensitive felt krypteres med AES-256-GCM før de i det hele tatt forlater enheten. iCloud mottar bare chiffertekst; selv jeg har ikke nøkkelen (nøkkelen forlater aldri enheten din). Hvis du heller ikke vil bruke skyen i det hele tatt, kan du slå av synkronisering i innstillingene — appen faller tilbake til fullt lokal modus, som er en helt legitim måte å bruke den på.

Hvorfor ikke Android / Windows / web?

To grunner. Én person kan bare vedlikeholde så mye kode, og på tvers av plattformer betyr det å reimplementere kryptografiske primitiver riktig på hver — én linje feil, og hele kjeden brytes. Den andre: angrepsflaten til en webapp (XSS, utvidelses-supply-chain, CDN-overtakelse) er langt større enn en innebygd iOS-app. Jeg vil heller gjøre én plattform godt enn å levere noe som ser omfattende ut, men er ujevnt sikret.

Er det vanskelig å migrere fra 1Password / Bitwarden?

Direkte import fra eksportfiler fra 1Password / Bitwarden / LastPass / KeePass / Dashlane / Apple Nøkkelring støttes. Hele importen kjøres lokalt — ingenting lastes opp. Hvis den gamle behandlerens eksportformat gir deg problemer, send meg en e-post, så legger jeg til støtte.

Vil prisene gå opp? Vil livstidsnivået bli til et abonnement?

9,99 $ for livstid er permanent og inkluderer alle fremtidige oppdateringer. Hvis et 'premium-abonnement' noensinne legges til (f.eks. dypere sikkerhetsanalyse), vil det kun være abonnement — eksisterende livstidsfunksjoner flyttes aldri bak det. Det er en forpliktelse jeg er villig til å sette på denne siden.

  • Funksjoner
  • Sikkerhet
  • Priser
  • Om oss
Last ned fra App Store