Security Glossary
Plain-English explanations of security terms you'll encounter when using a password manager.
Zero-Knowledge Encryption
A security model where the service provider cannot access your data. In AmnPass, this means we never have access to your master password or the keys needed to decrypt your vault. Even if our servers were compromised, your data would remain encrypted and unreadable.
End-to-End Encryption (E2EE)
Data is encrypted on your device before being sent, and can only be decrypted by the intended recipient. The service in between only sees encrypted data. AmnPass uses E2EE for all vault data and shared passwords.
Master Password
The single password you use to unlock your password vault. It's used to derive the encryption keys that protect all your other passwords. Choose a strong one — it's the only key to your vault, and no one can reset it if you forget.
Key Derivation Function (KDF)
A cryptographic function that converts your master password into the encryption keys used to protect your vault. KDFs are designed to be slow and memory-intensive, making brute-force attacks impractical.
TOTP (Time-based One-Time Password)
A type of two-factor authentication that generates a new 6-digit code every 30 seconds. The code is calculated using a shared secret (stored encrypted in AmnPass) and the current time. Common services like Google, GitHub, and AWS use TOTP.
Two-Factor Authentication (2FA)
A security measure requiring two different forms of verification to log in: something you know (password) and something you have (like a code from your phone). Even if someone steals your password, they can't log in without the second factor.
Encryption
The process of converting data into a coded format that can only be read by someone with the correct key. Encrypted data looks like random noise to anyone without the decryption key.
Ciphertext
The encrypted (scrambled) form of your data. When your passwords are stored on AmnPass servers, they're in ciphertext form — completely unreadable without your vault key.
Plaintext
The readable, unencrypted form of data. Your actual passwords are plaintext. In AmnPass, plaintext only exists in your browser when you're logged in — never on our servers.
Vault
The encrypted container that holds all your passwords, 2FA codes, and secure notes. Your vault is encrypted with keys derived from your master password and synced across your devices.
Public-Key Cryptography
A system using a pair of keys: a public key (shareable) for encrypting data, and a private key (secret) for decrypting it. AmnPass uses this for secure sharing — anyone can encrypt data for you using your public key, but only you can decrypt it.
Phishing
A social engineering attack where attackers create fake websites or emails that look legitimate to steal your credentials. Always verify you're on the real site before entering your master password.
Brute-Force Attack
An attack that tries every possible password combination until finding the right one. Strong master passwords and slow key derivation functions make brute-force attacks impractical.
Credential Stuffing
When attackers use username/password pairs leaked from one breach to try logging into other services. This is why you should never reuse passwords — use unique passwords for every site.
Passphrase
A password made up of multiple random words, like "correct horse battery staple". Passphrases are easier to remember than random-character passwords but equally secure when long enough.
Progressive Web App (PWA)
A web application that can be installed on your device like a native app. AmnPass is a PWA — it can be added to your home screen, works offline, and syncs when connected.
Passkeys
A newer authentication technology that replaces passwords with cryptographic keys stored on your device. You authenticate with biometrics or a device PIN instead of typing a password. Passkeys are phishing-resistant and more convenient.