AES-256 encryption derived entirely on your device. Your vault lives in your own Google Drive or iCloud — CiFort never sees a single password.
Your master password derives a key using AES-256-GCM with PBKDF2 at 600,000 iterations — on your device, never transmitted. Not even we can read your vault.
Your encrypted vault lives in your own Google Drive or iCloud. There is no CiFort server to breach, subpoena, or go offline.
The vault is self-contained — the cryptographic salt is embedded in the file itself. Open it from any browser with your master password.
Every password clears a mandatory bar: uppercase, digits, special characters, minimum 11 characters. Weak passwords do not get through.
Copied passwords vanish automatically after 10 seconds — and instantly when you switch away from the app.
Five wrong attempts triggers a timed lockout with exponential backoff. Automated guessing attacks are stopped at the gate.
Zero-knowledge is not a marketing claim. No backdoors, no account recovery, no override. Your data belongs entirely to you.
Pick a master password. A key is derived on your device — it never leaves.
Your encrypted vault file saves to your own Google Drive or iCloud.
Unlock from any browser, on any device. The salt travels inside the vault file.
Lockouts, clipboard clearing and enforced strength policies watch your back.
CiFort is completely free — because everyone deserves a vault only they can open.