As suas palavras-passe, o seu controlo.

One ledger, eight identities

Every sensitive field encrypted with AES-256-GCM, with its own random IV.

No second app needed

Scan to save. AutoFill fills the 6-digit code along with the password.

A strong one, in a second

Random string or EFF wordlist phrase. Live entropy meter.

FIDO2 / WebAuthn

Generated and stored locally. Private key never leaves the device in plaintext.

HIBP · k-anonymity

Only the first 5 chars of the SHA-1 hash leave the device. Your password never does.

Safari · apps · keyboard — one step

System-level AutoFill extension. Face ID confirms; codes get filled in too.

End-to-end · optional

Routed via Apple's private CloudKit. Sensitive fields are encrypted on-device before upload — only ciphertext reaches the server. Toggle off anytime to go fully local.

Yours to keep, anytime

1Password · Bitwarden · LastPass · KeePass · Dashlane · Apple Keychain. Three export formats: JSON / CSV (plaintext) + encrypted .bytegx.

Edited wrong? Deleted by accident? Recoverable.

Every password change saves the previous value — up to 5 history versions kept, one-tap rollback. Deleted items go to a recycle bin and clear after the retention window.

Clipboard counts down. App locks itself.

Pasteboard auto-clears after a configurable delay; foreground / background auto-lock timers can be set separately.

Tap from the lock screen, password's there

Two widgets: quick vault access + on-the-fly password generator.

Codes, without juggling two apps.

Scan to save — every 2FA in one place. The detail page shows the live code with a countdown ring; long-press to copy. With AutoFill, the code goes in along with username and password.

• RFC 6238 TOTP, 6/8 digits · SHA-1 / 256 / 512 HMAC
• iCloud cross-device sync (E2E encrypted, Premium)
• Three export formats: JSON / CSV (plaintext) + encrypted .bytegx

You can only fix what you can see.

Backed by Have I Been Pwned with the k-anonymity protocol — only the first 5 chars of the SHA-1 hash ever leave the device. Every weakness comes with a concrete next step.

• Detects leaked / weak / reused / outdated
• HIBP k-anonymity (SHA-1 prefix-5); plaintext never sent
• One tap jumps to the entry to replace

Private keys never leave the device.

WebAuthn / FIDO2 standard. ES256 (ECDSA P-256, COSE alg -7). Private keys are AES-256-GCM encrypted with the Item Key — plaintext never written to disk. AutoFillExtension handles registration and assertion via the Apple system bridge.

• ES256 (ECDSA P-256, COSE -7)
• AutoFill Extension handles registration + assertion
• iCloud E2E encrypted sync (Premium)

Every digital identity, in one place.

Top 10 / All / Favorites / Logins multi-view; live filtered search. All eight DataType cases run the full field-level encryption pipeline — not a 'password app', but a digital-identity ledger.

• 8 types: login / card / API key / identity / note / license / passkey / OAuth token
• Each entry gets its own AES-256-GCM key; plaintext never leaves the device
• Local-first; optional iCloud end-to-end encrypted sync

Codes, without juggling two apps.

Scan to save — every 2FA in one place. The detail page shows the live code with a countdown ring; long-press to copy. With AutoFill, the code goes in along with username and password.

• RFC 6238 TOTP, 6/8 digits · SHA-1 / 256 / 512 HMAC
• iCloud cross-device sync (E2E encrypted, Premium)
• Three export formats: JSON / CSV (plaintext) + encrypted .bytegx

One entry — every field at once.

Login detail: username, password, history, linked TOTP, website, custom fields. Each sensitive field independently decrypted with its own IV, shown only on demand. Copy auto-clears the clipboard.

• Each sensitive field independently AES-256-GCM encrypted with its own IV
• TOTP / Passkey two-way linking shown together
• Copy auto-clears clipboard (5 presets)

Made a typo? Deleted by mistake? Recoverable.

Every change saves the previous value (spec:R3 — up to 5 versions kept); tap the timeline to restore. Deleted items are retained for 90 days before permanent removal.

• Up to 5 history versions kept
• Four source markers: manual / AutoFill / imported / sync
• Deleted items retained 90 days

You can only fix what you can see.

Backed by Have I Been Pwned with the k-anonymity protocol — only the first 5 chars of the SHA-1 hash ever leave the device. Every weakness comes with a concrete next step.

• Detects leaked / weak / reused / outdated
• HIBP k-anonymity (SHA-1 prefix-5); plaintext never sent
• One tap jumps to the entry to replace

A strong one — in one second.

Random (4-64 chars / exclude look-alikes / digits-only for PIN) or EFF passphrase, with live entropy meter. Replaces the old value and records the change in history.

• Two modes: random (incl. PIN) + EFF passphrase
• Apple system CSPRNG (Swift Int.random + SecRandomCopyBytes)
• Live entropy meter and strength indicator

Tap in Safari, and the password fills itself.

AutoFill Extension uses Apple's official ASCredentialProviderViewController; after Face ID / Touch ID, the username, password and TOTP all go in together. Info.plist also declares SupportsSavePasswordCredentials, so new passwords save back to ByteGuard from any flow.

• ASCredentialProviderViewController, system-level credential provider
• Safari + third-party apps, all flows covered
• Unlock via Face ID / Touch ID; TOTP delivered in the same step

Private keys never leave the device.

WebAuthn / FIDO2 standard. ES256 (ECDSA P-256, COSE alg -7). Private keys are AES-256-GCM encrypted with the Item Key — plaintext never written to disk. AutoFillExtension handles registration and assertion via the Apple system bridge.

• ES256 (ECDSA P-256, COSE -7)
• AutoFill Extension handles registration + assertion
• iCloud E2E encrypted sync (Premium)

PAN encrypted, CVV never stored.

Card number (PAN) gets its own AES-256-GCM key with a unique IV. Cardholder name, expiry, brand (Visa / Mastercard / etc.) stay searchable as metadata. CVV/CVC are never persisted on this device.

• PAN encrypted; BIN (first 4-6) / last 4 shown in plaintext
• CVV/CVC never persisted on device
• Cardholder / expiry / brand / billing-address metadata

Dark / Light / System.

AppearanceMode three modes: system / light / dark — switch any time, no restart. Premium tier unlocks multi-color themes; Home Screen widgets stay in sync.

• AppearanceMode three modes: system / light / dark
• Multi-color themes (Premium)
• Home Screen widgets follow theme

Argon2id key derivation

password + Secret Key + 32B salt → Master Key. Parameters: 64 MB memory · 3 iterations. Resistant to GPU/ASIC brute force.

HKDF-SHA256 key hierarchy

Master Key → KEK → random DEK. Each vault gets its own DEK — no horizontal decryption path.

Field-level AES-256-GCM

Every sensitive field encrypted independently · new random IV on every write. Same plaintext → different ciphertext · authenticated tag prevents tampering.

128-bit Secret Key

A random key (a 12-word BIP39 mnemonic in form), independent of the master password. Even if the master password leaks, your vault still cannot be opened without it.

Field-level AES-256-GCM

Every sensitive field encrypted independently, with its own random IV.

Argon2id key derivation

64 MB memory × 3 iterations — resistant to GPU/ASIC brute force.

128-bit Secret Key

A random key independent of the master password — your second line of defense.

Full offline mode

iCloud sync can be turned off in one tap; the app falls back to pure local storage.

HIBP k-anonymity lookup

Only the first 5 chars of the SHA-1 hash are sent — your password never leaves the device.

Native system integration

AutoFill, Passkey, and TOTP all use Apple's official APIs. No reinvented wheels.

Zero third-party SDKs

No analytics. No tracking. No ads. No crash reporters.

No web app or browser extension

XSS, extension supply-chain attacks, CDN takeovers — that surface is excluded by architecture, not policy.

No Android or Windows builds

Each platform means re-implementing the crypto primitives correctly. Get one line wrong and the whole chain breaks.

No team or enterprise sharing

Sharing is trust delegation — I'm still working out how to do it right. Until I am, I won't ship it.

No self-hosting option

Under zero-knowledge, self-hosting just shifts the operational burden to you with no real security gain.

No third-party audit yet

Honestly: I haven't paid for one yet. The /security page documents every crypto decision against the source so anyone can verify independently. Independent audit + open-sourcing the crypto core are both on the 2026 roadmap — follow the GitHub repo to be notified when they land.

No "recover master password" path

If I could recover it, it wouldn't be zero-knowledge. The most reliable backup is still old-school: write your master password and Secret Key on paper and store them apart.

No aggressive release cadence

Crypto-related changes will move very conservatively. Stability over novelty.

Quem és tu? Porque devo confiar-te as minhas palavras-passe?

Sou um programador independente. O ByteGuard é escrito apenas por mim — sem equipa, sem financiamento, ainda sem auditoria de segurança externa. (Indico-o de forma honesta na secção acima.) A única coisa que posso prometer é a própria arquitetura: a tua palavra-passe principal e a Secret Key nunca saem do teu dispositivo, e não há nada no meu servidor que consiga desencriptar os teus dados. Se essa premissa não te basta, esta aplicação não é a indicada — e isso é perfeitamente legítimo.

E se me esquecer da palavra-passe principal?

Não a consigo recuperar. É o preço do zero-knowledge: não posso repor o que nunca conheci. Usa o Face ID / Touch ID para o desbloqueio diário e escreve a palavra-passe principal e a Secret Key num papel guardado num cofre ou num cofre bancário. Soa aos anos 90 — e continua a ser a cópia de segurança mais fiável que temos.

E se perder a minha Secret Key?

Depende de teres ativado a sincronização do iCloud Keychain para a tua Secret Key. Se a sincronização do iCloud Keychain estiver ativa (configuração predefinida e recomendada): a tua Secret Key é encriptada de ponta a ponta pela Apple e sincronizada entre todos os teus dispositivos Apple. Num dispositivo novo, basta iniciar sessão com o teu Apple ID e a Secret Key é restaurada automaticamente — só precisas de te lembrar da palavra-passe principal. Se a sincronização do iCloud Keychain estiver desativada (segurança máxima, ficas com ambas as chaves): a Secret Key nunca sai do dispositivo onde foi gerada. A tua única cópia de segurança é a frase de recuperação de 12 palavras (norma BIP39), mostrada quando criaste o cofre pela primeira vez. Escreve-a num papel e guarda-a separada da palavra-passe principal. Sem essa cópia em papel, a Secret Key não pode ser restaurada num dispositivo novo. Em ambos os casos: a palavra-passe principal continua a ser necessária para desencriptar — só a Secret Key não chega. E nunca vi um único bit de qualquer uma delas: o meu servidor não tem nada que possa desencriptar os teus dados, e a Apple também não consegue ler a tua Secret Key (está encriptada E2E na camada do Keychain).

A sincronização iCloud é mesmo segura? A Apple não consegue ver nada?

Todos os campos sensíveis são encriptados com AES-256-GCM antes de saírem do dispositivo. O iCloud recebe apenas texto cifrado; nem eu tenho a chave (a chave nunca sai do teu dispositivo). Se preferires não usar a nuvem de todo, podes desativar a sincronização nas definições — a aplicação passa a um modo totalmente local, uma forma perfeitamente legítima de a usar.

Porque não Android / Windows / Web?

Duas razões. Uma só pessoa só consegue manter uma quantidade limitada de código, e suportar várias plataformas significa reimplementar primitivas criptográficas corretamente em cada uma — uma linha errada e toda a cadeia parte. A outra: a superfície de ataque de uma app web (XSS, cadeia de fornecimento de extensões, takeover de CDN) é muito maior do que a de uma app iOS nativa. Prefiro fazer bem uma plataforma do que entregar algo que parece abrangente mas é desigualmente seguro.

É difícil migrar do 1Password / Bitwarden?

É suportada a importação direta a partir de ficheiros de exportação do 1Password / Bitwarden / LastPass / KeePass / Dashlane / Apple Keychain. Toda a importação corre localmente — nada é enviado. Se o formato de exportação do teu antigo gestor te causar problemas, envia-me um e-mail e adiciono suporte.

Os preços vão subir? O plano vitalício vai virar subscrição?

Os $9.99 vitalícios são permanentes e incluem todas as atualizações futuras. Se algum dia for adicionado um nível de 'subscrição premium' (por exemplo, análises de segurança mais profundas), será apenas por subscrição — as funcionalidades vitalícias existentes nunca serão movidas para lá. É um compromisso que assumo nesta página.