Threat Model

An honest assessment of what AmnPass protects against — and what's your responsibility.

No security system is perfect. Being transparent about our security model helps you make informed decisions and take appropriate precautions.

What We Protect Against

Server Breach

If our servers are compromised, attackers get only encrypted data. Without individual master passwords, vault contents cannot be decrypted.

Malicious Insiders

AmnPass employees cannot access your vault contents. Zero-knowledge architecture means we don't have the keys.

Legal Requests

Even with a valid legal order, we cannot provide your plaintext passwords because we don't have them.

Network Eavesdropping

All data in transit is encrypted with TLS. Your vault data is additionally encrypted with your personal keys.

Password Reuse Attacks

Using unique passwords for each site (easily managed with our generator) means one breach doesn't compromise others.

Your Responsibilities

These threats require your active participation to mitigate:

Weak Master Password

If your master password is weak ("password123"), attackers with your encrypted vault could brute-force it. Use a strong, unique master password.

Device Compromise

If malware has full access to your device, it could capture your master password as you type or read decrypted vault data from memory.

Phishing Attacks

A fake AmnPass site could capture your master password. Always verify you're on the real app.amnpass.com.

Shoulder Surfing

Someone watching you type or viewing your screen could see your passwords. Be aware of your surroundings.

Lost Master Password

If you forget your master password, we cannot recover your data. Store it securely (physical safe, trusted person).

Best Practices

  • Use a strong, unique master password — Consider a passphrase of 4+ random words
  • Enable 2FA on your important accounts — Use AmnPass's built-in authenticator
  • Keep your devices secure — Use device encryption and strong device passwords
  • Verify the URL — Always check you're on app.amnpass.com before entering credentials
  • Store your master password safely — Write it down and keep it in a physical safe
  • Log out on shared devices — Don't stay logged in on computers others use

Security is a Shared Responsibility

AmnPass provides strong cryptographic protection for your data. But security is a partnership — your practices matter too.

Ready to get started?

Now that you understand our security model, start protecting your passwords with AmnPass.

Get Started Free View All Features
Zero-knowledge encryption
End-to-end encrypted
2FA authenticator included