Generate, store, encrypt
Strong passwords with the per-site picker. Each item is encrypted with a key derived from your master passphrase.
Your secrets, encrypted and yours.
Passwords, payment methods, secure notes, and 2FA seeds — end-to-end encrypted on your device. The vault stays local; the cloud only sees ciphertext.
The extension reads field labels, asks once, fills the rest. TOTP codes are right next to the password they protect.
Phone, desktop, browser — same vault, end-to-end encrypted in transit and at rest. Works offline; reconciles on reconnect.
Logins, payment methods, secure notes, and TOTP — autofilled on every browser and every device, encrypted with a key only you can derive.
Generate strong passwords with the per-site picker, store them encrypted, and autofill on every browser and device. Inline strength meter, breach badges, one-tap rotation.
Authenticator codes live next to the account they protect. Scan the QR once, never juggle a separate app for the second factor again.
Fingerprint, face, or OS passkey on Android. Browser extension is session-scoped (no persistent ciphertext on disk by design). Delta sync across every device.
We read 1Password, Bitwarden, LastPass, Chrome, and Safari exports out of the box — the importer detects the file signature and maps fields automatically.
Export your existing vault, open BoxOwl, pick the file. Format auto-detected; conflicts surfaced row-by-row before commit. Five competitors plus generic CSV today.
Same engine in the extension — drag-drop the export from your old manager and BoxOwl walks the diff before writing anything.
The web-app desktop importer is at parity with mobile, and agent-driven migration runs through the MCP boxowl_import_from_file tool. Both reach launch parity via the BoxOwl daemon. See the dual-path breakdown in the next section.
Five sources at launch — 1Password, Bitwarden, LastPass, Chrome, Safari. Drag-drop your CSV in the webapp, or let your AI agent walk you through it. Either way: about five minutes.
Export from your existing manager, open app.boxowl.me/import, drop the file. Format auto-detected; conflicts surfaced row-by-row before commit. Generic CSV also works.
Install BoxOwl + your AI agent's BoxOwl skill. Tell your assistant to migrate from 1Password. Five minutes later, you're done. Your AI never saw your passwords — BoxOwl handled them directly.
One skill per source: migrate-from-1password, migrate-from-bitwarden, migrate-from-lastpass, migrate-from-chrome, migrate-from-safari.
Each password is hashed locally; we send only the first five hex characters of the SHA-1 to Have I Been Pwned and check the suffix on-device. The full password and its full hash never leave your device. Inline scan on the password list, top-3 alert on the Shield tab, 30-day skip-window so repeated checks don't burn your data plan.
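The prefix-only breach check described above, as an added example in Go (not BoxOwl's code): the password is hashed locally, only the five-character prefix would be sent, and the suffix is matched on-device. `SplitHash`, `BreachCount` and the `SampleRange` body are constructed for illustration; the response format assumed is one `SUFFIX:COUNT` pair per line, as the Pwned Passwords range API returns.

```go
package main

import (
	"bufio"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// SampleRange is a constructed response body for prefix 5BAA6 ("SUFFIX:COUNT"
// per line); the counts are made up. A count of 0 marks a padding entry.
const SampleRange = "0123456789ABCDEF0123456789ABCDEF012:3\r\n" +
	"1E4C9B93F3F0682250B6CF8331B7EE68FD8:42\r\n" +
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0\r\n"

// SplitHash hashes locally; only the 5-char prefix is meant to leave the device.
func SplitHash(password string) (prefix, suffix string) {
	sum := sha1.Sum([]byte(password))
	h := strings.ToUpper(hex.EncodeToString(sum[:]))
	return h[:5], h[5:]
}

// BreachCount looks for our 35-char suffix in a range response, on-device.
func BreachCount(suffix, body string) (int, error) {
	sc := bufio.NewScanner(strings.NewReader(body))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		parts := strings.SplitN(line, ":", 2)
		if len(parts) != 2 {
			return 0, fmt.Errorf("malformed range line %q", line)
		}
		if strings.EqualFold(parts[0], suffix) {
			return strconv.Atoi(parts[1])
		}
	}
	return 0, sc.Err() // suffix not listed in this range
}

func main() {
	prefix, suffix := SplitHash("password") // constructed sample input
	n, err := BreachCount(suffix, SampleRange)
	fmt.Printf("request: GET /range/%s  breach count: %d  err: %v\n", prefix, n, err)
}
```

The server learns only which of the 16^5 prefix buckets was queried; every password whose SHA-1 starts with the same five characters produces an identical request.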
A single score across your vault: weak entropy under 40 bits flagged, reused passwords detected via locally-hashed SHA-256, age tracked per credential. The Shield tab shows the score ring and the top three things to fix today. No remote scan; everything runs against the local cache.
Per-item visibility flags. Per-connection overrides. Family vaults for the things you really do co-own — without dragging your whole secret store across the household.
Each row carries its own flag: private, public, or shared with specific connections. Long-press an item to override its default for any one person. Changes audit-logged.
Plans start at $6/mo for 5 people with two shared vaults, $9/mo for 8 people with four, and $12/mo for 12 people with five. Every member gets Premium.
Restricted · standard · trusted · intimate — and each connection sees only what their level (plus any per-item override) allows. Downgrade or revoke anyone from one screen.
Pick a category set; toggle Travel Mode on; the rest of the vault is wiped from your device. Server still has them, your device doesn't. Turn it off when you're home and they sync back, untouched. Biometric-confirmed; available on Premium at launch.
Recovery codes, license keys, scanned IDs — attached directly to the vault item that gives them meaning. End-to-end encrypted with a wrapped content-encryption-key per file; 1 GB included on Premium with a per-item quota meter.
The Free baseline you already saw — HIBP breach scan, reuse detection, password-age tracking — rolls up into a single NightWatch score. Premium adds the full dashboard: 2FA-gap detection across known TOTP providers, paged breach-check history, and dismiss/resolve workflow for findings.
The features that meaningfully differ — not every checkbox. Comparisons reflect each product's public offerings as of mid-2026; if you're unsure, follow the source link.
| Feature | BoxOwl | 1Password | Bitwarden | Dashlane |
|---|---|---|---|---|
| End-to-end encryption | ✓ | ✓ | ✓ | ✓ |
| Local-first vault on device | ✓ | cloud-first | cloud-first | cloud-first |
| Open-source SDK + daemon | ✓ | — | server OSS | — |
| TOTP built in | ✓ | ✓ | Premium | ✓ |
| Per-item sharing | ✓ | ✓ | ✓ | ✓ |
| Breach monitor (Free tier) | ✓ | ✓ | ✓ | ✓ |
| Travel Mode | Premium | ✓ | — | — |
| Encrypted attachments | Premium | ✓ | Premium | — |
| AI agent integration via MCP | ✓ | — | — | — |
| Structured personal data & propagation | ✓ | — | — | — |
✓ shipped · — not offered · "Premium" gated behind that vendor's paid tier. BoxOwl Free pricing covers every ✓ above; BoxOwl Premium adds Travel Mode and 1 GB of encrypted attachments. For the full Secrets vs Data comparison across all of BoxOwl, see the broader comparison.
The architecture in four lines.
Each item is encrypted with a key derived from your master passphrase via Argon2id. We can't read the plaintext; nobody we hand the server to can either.
Per-row DEK sealed under AES-256-GCM. AAD binds each row to its category and id, so a ciphertext from one row can't be rebound to another at rest.
Your vault is a SQLite database on your device. Cloud sync is optional — disable it and the app still works. The daemon's primary loop reads and writes locally.
Every read, write, share, and revoke is recorded with actor + IP + key. Exportable as a signed Open Audit receipt under CC0.
Read the full architecture in trust.html, or the daemon source under Apache 2.0 at /docs.
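How AAD binding stops a sealed DEK from being moved between rows, as an added example in Go (not BoxOwl's daemon code). The function names, the `length:category:id` AAD layout, and the all-zero key standing in for the Argon2id-derived key are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// rowAAD length-prefixes the category so the encoding is unambiguous (assumed layout).
func rowAAD(category string, id uint64) []byte {
	return []byte(fmt.Sprintf("%d:%s:%d", len(category), category, id))
}

// NewAEAD returns AES-GCM over the key-encryption key; 32 bytes selects AES-256.
func NewAEAD(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealDEK wraps one row's DEK; output is nonce || ciphertext || tag.
func SealDEK(g cipher.AEAD, dek []byte, category string, id uint64) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, dek, rowAAD(category, id)), nil
}

// OpenDEK fails authentication unless category and id match those used to seal.
func OpenDEK(g cipher.AEAD, sealed []byte, category string, id uint64) ([]byte, error) {
	n := g.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed DEK is %d bytes, shorter than the nonce", len(sealed))
	}
	return g.Open(nil, sealed[:n], sealed[n:], rowAAD(category, id))
}

func main() {
	g, err := NewAEAD(make([]byte, 32)) // all-zero KEK: constructed demo value only
	if err != nil {
		panic(err)
	}
	sealed, _ := SealDEK(g, []byte("constructed row DEK"), "logins", 17)
	_, err = OpenDEK(g, sealed, "notes", 17) // same id, different category
	fmt.Println("open under another row's AAD:", err)
}
```

The AAD is never stored in the ciphertext; the reader recomputes it from the row it is loading, so a blob copied into a different row fails the GCM tag check even though the key is correct.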
Premium adds Travel Mode, Vault Attachments, the full NightWatch dashboard, and AI-agent connections. Free · $3/mo Premium · $24/yr annual · Family from $6/mo.
BoxOwl is in private beta. Get the Android app, install the browser extension, import from your current manager, and join the waitlist for a registration token.