# Krypt

> Krypt is a local-first, zero-knowledge password manager and secure vault for passwords, passkeys, secure notes, sensitive files, recovery codes, and private account context.

Krypt is built for people who want control over private digital life without storing readable vault data on a company server. The app focuses on local-first encrypted storage, optional encrypted cloud sync, multiple vaults, a decoy vault, recovery planning, password health, built-in TOTP context, and Android 14+ website passkey support through Android Credential Manager.

## Primary Pages

- [Home](https://thekryptvault.com/): Product overview for Krypt.
- [Password Manager](https://thekryptvault.com/password-manager.html): Local-first password manager and secure vault for logins, notes, files, passkeys, and recovery data.
- [Secure Vault](https://thekryptvault.com/secure-vault.html): Encrypted vault for passwords, files, photos, videos, secure notes, and recovery material.
- [Passkey Manager](https://thekryptvault.com/passkey-manager.html): Android 14+ website passkey creation, storage, listing, deletion, and use through Android Credential Manager.
- [Password Health Check](https://thekryptvault.com/password-health-check.html): Review weak, reused, old, and compromised passwords.
- [Recovery Kit](https://thekryptvault.com/recovery-kit.html): Physical Recovery Kit and Rescue Key planning for encrypted vault backups.
- [Features](https://thekryptvault.com/features.html): Product feature overview.
- [Blog](https://thekryptvault.com/blog/): Security, privacy, password management, recovery, and secure vault articles.

## New Security Articles

- [Can a QR Code Steal Your Password Even If You Use 2FA?](https://thekryptvault.com/blog/qr-code-phishing-2fa-passwords.html): QR code phishing, quishing, one-time codes, and safer account recovery.
- [Are AI Browser Extensions a Password Risk?](https://thekryptvault.com/blog/ai-browser-extensions-password-risk.html): Browser extension permissions, AI productivity lures, credential exposure, and vault separation.
- [Do Password Complexity Rules Still Matter in 2026?](https://thekryptvault.com/blog/nist-password-guidelines-2026.html): NIST-aligned password guidance, unique passwords, MFA, recovery codes, and account hygiene.

## High-Value Security Guides

- [Infostealer Malware: Why Changing Your Password May Not Be Enough](https://thekryptvault.com/blog/infostealer-session-cookies-password-reset.html): Session cookies, OAuth tokens, password resets, and device cleanup.
- [When the Login Page Is Real: OAuth Device-Code Phishing](https://thekryptvault.com/blog/oauth-device-code-phishing.html): Device-code phishing, OAuth grants, and connected-app review.
- [Passkey Recovery Checklist](https://thekryptvault.com/blog/passkey-recovery-checklist.html): Planning passkey recovery before switching devices or wiping phones.
- [Passkeys vs. Passwords in 2026](https://thekryptvault.com/blog/passkeys-vs-passwords-2026.html): What passkeys fix, what passwords still do, and why recovery context matters.
- [Your Phone Is the New Phishing Target](https://thekryptvault.com/blog/mobile-phishing-fake-texts-calls-passwords.html): Smishing, vishing, QR phishing, and mobile account takeover.
- [Stop Saving 2FA Backup Codes as Screenshots](https://thekryptvault.com/blog/stop-saving-2fa-backup-codes-as-screenshots.html): Recovery-code storage and cleanup.
- [What to Do After a Data Breach Notice](https://thekryptvault.com/blog/what-to-do-after-data-breach-notice.html): Practical breach response for passwords, 2FA, and recovery paths.
- [How Krypt Encrypted Cloud Sync Works](https://thekryptvault.com/blog/how-encrypted-cloud-sync-works.html): What syncs, what stays encrypted, and what a cloud provider can see.
- [How to Back Up an Offline Password Manager Without Giving Up Privacy](https://thekryptvault.com/blog/backup-offline-password-manager-privacy.html): Encrypted exports, restore testing, Recovery Kits, and privacy-safe backup habits.

## Product Truths

- Krypt is local-first and zero-knowledge. Vault data is encrypted before it leaves the device.
- Krypt does not provide server-side recovery. Users must keep their PIN and Recovery Kit safe.
- Krypt supports separate real vaults and a decoy vault for compartmentalized privacy.
- Krypt can store passwords, secure notes, sensitive files, account recovery notes, 2FA backup codes, and private documents.
- Krypt supports optional encrypted cloud sync to user-controlled providers.
- Krypt supports Android 14+ website passkeys through Android Credential Manager. These passkeys are for third-party websites and services, not for unlocking Krypt itself.
- Krypt uses a free core vault with an optional lifetime Pro upgrade.

## Crawl and Contact

- [Sitemap](https://thekryptvault.com/sitemap.xml)
- [Robots](https://thekryptvault.com/robots.txt)
- [Support](https://thekryptvault.com/support.html)
- [Privacy Policy](https://thekryptvault.com/privacy.html)
- [Terms](https://thekryptvault.com/terms.html)
- [App Store](https://apps.apple.com/us/app/krypt-password-secure-vault/id6760196383?mt=12)
- [Google Play](https://play.google.com/store/apps/details?id=com.krypt.vault.krypt)