PassaPassa helps professionals securely store, organize, generate, and reuse passwords, OTPs, cloud logins, test accounts, admin credentials, client portals, and everyday sign-ins directly from the browser.
No card required. We'll email store availability and product updates. The Free plan starts when you install Passa and create a vault.
Features
Built for people who need fast browser access to many credentials without giving up privacy, control, or clarity.
AES-256-GCM with PBKDF2 at 600,000 iterations. Your vault is encrypted on your device before it goes anywhere. Passa does not have the keys needed to decrypt your passwords.
Sync via Google Drive or Dropbox - storage you already own. Passa never hosts your vault on a proprietary server. No vendor lock-in, no single point of failure, no subscription required to access your own data.
Detects common login forms, offers to save or update credentials after sign-in, and fills username, password, account ID, tenant, and organization fields where supported.
Store otpauth:// or base32 secrets, preview the rolling 6-digit code with countdown, copy codes from the vault, and fill detected MFA fields where supported.
Store recovery codes, API keys, license keys, server credentials, banking references, and private notes in the same encrypted vault. Conceal sensitive fields when viewing a note.
Sync your encrypted vault through Google Drive or Dropbox, retry manually, see last-sync status, and review local-vs-cloud conflicts or duplicate credentials when needed.
Import Bitwarden JSON or CSV, LastPass CSV, Dashlane CSV, 1Password CSV, KeePass CSV, Chrome, Firefox, Safari, and generic URL/username/password CSV exports.
Set an inactivity timeout, lock manually, and rely on browser session storage for temporary keys where available. Failed unlock attempts trigger backoff and lockout protection.
Use the popup, field button, right-click generator, right-click OTP fill, and Ctrl/Command+Shift+L shortcut to bring up saved credentials for the current site.
Organise credentials into folders with icons and colours, filter by folder, favorite important records, search, sort, paginate large vaults, and track weak or recently added passwords.
Export encrypted vault backups, export CSV for portability, import backup files, delete all local data, and use legal/privacy pages built into the extension.
Current coverage
This section reflects the implemented browser-extension surface: local vault, browser autofill workflows, organization, import and export, optional Pro sync, TOTP, Secure Notes, and privacy controls.
Use cases
Passa is focused on the browser moments where credentials are created, stored, copied, filled, reset, and reused during real work.
Software testers
Store QA users, staging credentials, admin roles, demo logins, customer scenarios, and repeated registration flows in one searchable vault.
Developers
Organize internal tools, local apps, API dashboards, database panels, CMS logins, and environment-specific credentials without dumping secrets into notes.
DevOps professionals
Keep AWS, Azure, GCP, server panels, root accounts, IAM users, recovery notes, and break-glass credentials easier to identify and reuse.
Freelancers and consultants
Save client portals, hosting accounts, domain registrars, analytics tools, CMS dashboards, and payment portals without relying on spreadsheets.
Founders and solo operators
Bring SaaS tools, business email, social accounts, payment processors, cloud platforms, and admin dashboards into a cleaner browser workflow.
Power users
Use Passa for everyday sign-ins, alternate accounts, secure notes, generated passwords, and quick autofill across supported desktop browsers.
How it works
No servers to configure. No migration headaches. Install, connect your cloud, and you're protected.
Add Passa to Chrome, Edge, or Firefox. Create your account with a strong master password - it is hashed on your device and never transmitted in plaintext.
Your master password is the only key. We never see it, store it, or recover it.
Choose Google Drive or Dropbox as your sync provider when you want cross-device access. Passa writes an encrypted vault file to your storage. You keep control of the place where your vault lives.
passa_vault.encrypted lives in your cloud. Switch providers or export any time.
Log in to a supported website and Passa offers to save your credentials. One click captures the login, encrypts it locally, and keeps it ready to sync when Pro sync is enabled.
Save usernames and passwords from supported forms. Add account fields, TOTP secrets, and encrypted Secure Notes manually when needed.
Passa detects common login forms and fills saved credentials in one click. Use the Passa button on a field or trigger autofill from the extension popup.
Your local vault remains accessible and exportable even if Pro is not active.
Security
Zero-knowledge means your master password never leaves your device. Your vault is encrypted before it touches any network. Your cloud provider stores a file it cannot read. Passa's servers store nothing about your vault.
Temporary session keys are kept in browser session storage where available, with a service-worker restore fallback for supported browsers. Close your browser or let the timeout expire and your vault locks again. Even if someone gains physical access to your device, your vault remains encrypted at rest.
If your cloud vault file is exposed, it is still encrypted ciphertext. Without your master password, Passa should not be able to decrypt it, and neither should your cloud provider.
Passa follows the same broad zero-knowledge principle used by established password managers, with one key difference: your vault never lives on our servers at all.
Sync packages include an HMAC-SHA256 ownership signature where supported, helping Passa detect cloud files that do not belong to your account.
Under the hood
The features most password managers don't talk about - but should.
Your vault is stored encrypted on your device first. Cloud sync is optional and writes encrypted data to storage you connect.
When you copy a password, the clipboard is automatically cleared on a timer. No lingering credentials in your clipboard after you're done.
5 failed unlock attempts trigger exponential backoff. 10 failed attempts lock the vault for 30 minutes, slowing repeated guessing attempts.
The Passa button injected into password fields runs in Shadow DOM isolation, which helps keep extension UI separate from the page around it.
Export all your data or permanently delete everything - on demand, verified by your master password. Full data portability, no hoops to jump through.
Right-click any input field and generate a strong password directly into it via the browser context menu. No need to open the extension popup.
Pricing
Buy Pro through Lemon Squeezy or lock in the limited Lifetime Pro early supporter price. Free local vault access is included when you install the extension.
Included when you install Passa and create a local vault.
Billed monthly, cancel anytime
Full Passa Pro access, billed month to month.
Billed monthly, cancel anytime
Full Passa Pro access for less than $1/month.
Billed as $11.88/year
One payment for Passa Pro password manager updates.
Early supporter lifetime price
Checkout is handled securely by Lemon Squeezy. Annual Pro is billed yearly; Lifetime Pro is a one-time purchase.
Your local vault remains accessible even if Pro expires. Lifetime Pro covers future updates to Passa's current Pro password manager features, excluding separate future products or enterprise plans.
FAQ
Your master password never leaves your device. The vault is encrypted locally using AES-256-GCM before any data is stored or synced. Passa's servers receive only a bcrypt hash of a client-derived password hash - never the plaintext password, encryption keys, or vault contents.
On your device (encrypted in IndexedDB) and in a single encrypted file in your Google Drive or Dropbox - whichever you connect. Passa's servers store only your account authentication data. The vault itself never touches our infrastructure.
Bitwarden and 1Password both store your encrypted vault on their own servers. Passa stores it in your Google Drive or Dropbox - cloud storage you already own and control. Even if Passa shuts down tomorrow, your encrypted vault file stays in your cloud and remains yours. There is no proprietary server dependency.
We cannot recover your vault - by design. Zero-knowledge means we hold no key that could decrypt it. This is intentional: it also means no court order or data breach on our end can expose your passwords. We strongly recommend using a memorable passphrase and noting your recovery approach somewhere secure.
Passa is currently a desktop browser extension for Chrome, Edge, and Firefox. You can access your vault on any supported desktop browser where the extension is installed and your account/license is active.
Passa imports Bitwarden JSON/CSV, LastPass CSV, Dashlane CSV, 1Password CSV, KeePass CSV, Chrome, Firefox, Safari, and generic CSV files with URL, username, and password columns. Some exports vary by app version, so Passa reports skipped records during import.
Passa derives a sync key locally from your master password and email, re-encrypts your vault with it, and uploads a single file to your chosen cloud. On another device with the extension installed and the same account, it downloads and decrypts that file locally. You can sync through the extension, and Passa helps review conflicts when edits happen on multiple devices.
Yes, with a security tradeoff. Passa can store TOTP secrets, show current codes, and help fill detected MFA fields where supported. Keeping TOTP in a separate authenticator app remains stronger because it separates your second factor from your passwords. TOTP support is a Pro feature.
Yes. Passa Pro includes encrypted Secure Notes for recovery codes, API keys, license keys, server credentials, banking references, and plain private notes. Notes are stored inside your encrypted vault and sync through the same optional Google Drive or Dropbox file.
Yes, always. Export your full vault as JSON or CSV at any time from settings - verified by your master password. Your encrypted vault file also sits in your own Google Drive or Dropbox, so your data is never held hostage. No lock-in, ever.
Yes. You can join the updates list with no card required, or buy annual Pro or Lifetime Pro now through Lemon Squeezy checkout. The Free plan starts when you install Passa and create a vault. Pro adds paid features such as cross-device sync, Secure Notes, and TOTP autofill.
Lifetime Pro is a one-time purchase for Passa's current Pro password manager features, including future updates to those features. It does not automatically include separate future products, enterprise plans, or third-party service costs if those are introduced later.