<![CDATA[-The secure management of account credentials presents a considerable challenge in the digital era, as many users continue to engage in unsafe practices such as password reuse. Conventional password managers typically store encrypted data on servers, which introduces risks if those servers are compromised. This study develops a web-based password manager that implements Zero-Knowledge Encryption (ZKE), ensuring that all essential cryptographic operations are executed exclusively on the client side (browser). Employing a client-server architecture (React frontend, Python/FastAPI backend), the system derives encryption keys from the user’s master password using Argon2id (4 iterations, 64 MB memory, 1 parallelism), and performs credential data encryption and decryption with AES-GCM entirely on the client side. The server is limited to receiving and storing encrypted data (verifier, salt, data blobs), without ever accessing the master password or plaintext credentials. Network payload analysis conducted with Chrome DevTools confirms that the ZKE implementation effectively prevents the exposure of sensitive data to the server. This approach substantially improves data privacy and security against server-side threats. Nevertheless, the ZKE model lacks an account recovery feature, placing full responsibility on users to protect their master passwords—a trade-off that underscores the need for further investigation into ZKE-compatible recovery mechanisms.]]>
