Security & Encryption
How is my data encrypted?
Base-2-Pass uses XChaCha20-Poly1305 for encryption, one of the most secure authenticated encryption algorithms available. Your master password is processed through Argon2id, a variant of Argon2, the winner of the Password Hashing Competition. It is a memory-hard function specifically designed to resist both GPU and ASIC attacks.
What is zero-knowledge architecture?
Zero-knowledge means we never have access to your unencrypted data. All encryption and decryption happens locally on your device. Your master password never leaves your browser, and even with cloud sync enabled, our servers only store encrypted blobs that we cannot read.
What happens if I forget my master password?
Due to our zero-knowledge architecture, we cannot recover your master password. There is no "forgot password" option because we never have access to your encryption keys. This is by design for maximum security. We strongly recommend:
- Writing down your master password and storing it in a secure physical location
- Using a memorable but strong passphrase
- Regularly exporting an encrypted backup of your vault
Master Password
Can I change my master password?
Yes, you can change your master password at any time without losing any data. Here's how it works:
- You'll need to enter your current password to verify your identity
- Your vault is decrypted in memory using your current password
- A new random salt is generated for enhanced security
- Your vault is re-encrypted with your new password
- The old encryption key is securely wiped from memory
Your vault items (passwords, accounts, cards, etc.) remain unchanged - only the encryption wrapper changes.
What makes a strong master password?
Your master password is the single key to all your data. We recommend:
- Length: At least 12-16 characters; longer is better
- Passphrase: Consider using 4-5 random words (e.g., "correct horse battery staple")
- Unique: Never reuse your master password anywhere else
- Memorable: You need to remember it - we can't recover it for you
Cloud Sync
How does cloud sync work?
Cloud sync allows you to access your vault across multiple devices while maintaining zero-knowledge security:
- Local First: Your vault is always stored locally and encrypted on your device
- Encrypted Upload: Only the encrypted blob is synced to the cloud - never plaintext
- Server Ignorance: The sync server stores encrypted data it cannot read
- Pull on Unlock: When you unlock on another device, it pulls and decrypts the latest vault
What happens if I change my password when I use multiple devices?
When you change your master password on one device:
- The vault is re-encrypted with your new password and synced to the cloud
- Other devices will receive the newly encrypted vault on their next sync
- You'll need to use the new password to unlock on all devices
- There's no need to "update" each device separately - the sync handles it
Is cloud sync required?
No, cloud sync is completely optional. Base-2-Pass works entirely offline with local-only storage. Your data never leaves your device unless you explicitly enable cloud sync.
Data & Privacy
What data do you collect?
We collect minimal data necessary for the service to function:
- With cloud sync: Your encrypted vault blob and a hashed account identifier
- Without cloud sync: Nothing - all data stays on your device
- Never collected: Your master password, decrypted vault contents, browsing history, or analytics
See our Privacy Policy for complete details.
Can I export my data?
Yes, you can export your entire vault at any time. The export contains all your items in a standard format that you control. We believe your data belongs to you.
What happens if Base-2-Pass shuts down?
Your data remains safe and accessible:
- Local vaults continue to work indefinitely - they're stored on your device
- You can export your data at any time in standard formats
- Base-2-Pass is open source, so the code remains available
Features
What types of items can I store?
Base-2-Pass supports multiple item types:
- Logins: Username, password, website URLs, and TOTP codes
- Accounts: Comprehensive account info including credentials, account numbers, customer IDs, subscription details, and support contacts
- Cards: Credit/debit card details with auto-detection of card brand
- Identities: Personal information for form filling
- Secure Notes: Freeform encrypted text for any sensitive information
How does autofill work?
When you visit a website, Base-2-Pass can automatically detect login forms and offer to fill your credentials. The extension matches websites against saved URLs using domain matching, and you can customize matching rules per item.
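The sketch below is an added example, not Base-2-Pass's own code. It shows why domain matching for autofill should compare parsed hostnames on a label boundary rather than search the URL string. The rule names ("exact", "host", "domain") and all function names are assumptions made for illustration, and the "domain" rule here means "the saved host or a subdomain of it"; a production matcher would typically derive the registrable domain from the Public Suffix List.

```javascript
// Added illustration; rule and function names are hypothetical,
// not taken from the Base-2-Pass code base.

// Parse a URL; return null unless it is a well-formed http(s) URL.
function parseWebUrl(raw) {
  try {
    const u = new URL(raw);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u;
  } catch {
    return null;
  }
}

// Decide whether credentials saved for `savedUrl` may be offered on `pageUrl`.
// rule: "exact"  -> same origin (scheme + host + port)
//       "host"   -> same hostname
//       "domain" -> same hostname or a subdomain of it (default)
function matchesSavedUrl(pageUrl, savedUrl, rule = "domain") {
  const page = parseWebUrl(pageUrl);
  const saved = parseWebUrl(savedUrl);
  if (!page || !saved) return false;
  // Never offer a credential saved over HTTPS to a plain-HTTP page.
  if (saved.protocol === "https:" && page.protocol !== "https:") return false;

  const pageHost = page.hostname.replace(/\.$/, ""); // drop trailing root dot
  const savedHost = saved.hostname.replace(/\.$/, "");
  switch (rule) {
    case "exact":
      return page.origin === saved.origin;
    case "host":
      return pageHost === savedHost;
    case "domain":
      // Compare on a label boundary. A substring or bare suffix test would
      // accept "example.com.lookalike.test" or "notexample.com".
      return pageHost === savedHost || pageHost.endsWith("." + savedHost);
    default:
      return false; // unknown rule: fail closed
  }
}

// Return the saved items that may be offered on the current page.
function candidatesFor(pageUrl, items) {
  return items.filter((it) => matchesSavedUrl(pageUrl, it.url, it.rule));
}
```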