« The world's first password manager that works 100% offline and manages private OTP (TOTP/HOTP) keys with real-time autofill »
PassCypher — Intersec Awards 2026 Finalist among the world's top 5 cybersecurity solutions (Best Cybersecurity Solution category, Dubai). Quantum-Resistant Passwordless Manager — PassCypher finalist
Executive Summary
PassCypher HSM PGP is the world's first password manager that works 100% offline and manages private OTP (TOTP/HOTP) keys with real-time autofill — without any server, cloud, or database. Invented and patented in France, developed in Andorra by Freemindtronic, it offers unmatched protection against phishing and typosquatting through sandboxed URL verification and segmented AES-256 encryption. Whether you're in defense, critical infrastructure, or simply want sovereign digital privacy, PassCypher HSM PGP delivers zero-trust security with zero compromise.
CryptPeer® compatible: PassCypher HSM PGP enables entering CryptPeer credentials including the TOTP pin code in 2 clicks — passphrases >256 bits, secure connection without keyboard exposure. Learn more.
New Feature — Passwordless OTP Manager with Anti-Typosquatting Protection
This passwordless manager integrates a real-time TOTP/HOTP key manager. When a TOTP or PIN code field is detected on a web page, the system automatically retrieves and injects the correct one-time code — eliminating any manual steps and ensuring seamless login. This process is safeguarded by the sandbox mechanism embedded in each encrypted container, which verifies the active URL against the original encrypted URL. If a mismatch is detected, the code is not injected — effectively neutralizing typosquatting and phishing threats.
Key Features (Paid Version)
| Feature | 1 click | 2 clicks | 3 clicks |
|---|---|---|---|
| Serverless, database-free, no user identification | ✅ | ||
| One-click auto-login in <1 second | ✅ | ❌ | ❌ |
| Private key management for TOTP & HOTP | ❌ | ✅ | ✅ |
| Auto-fill PIN fields | ❌ | ✅ | ✅ |
| PGP AES-256 CBC encryption, segmented keys | ✅ | ||
| Manual & automatic BITB (Browser-in-the-Browser) protection | ✅ | ||
| Have I Been Pwned verification | ✅ | ||
| SSH generator (EviSSH — distinct from NFC HSM) | ✅ | ||
| PassCypher NFC HSM compatibility | ✅ | ||
Patented Freemindtronic Technologies Embedded
PassCypher HSM PGP embeds several patented Freemindtronic technologies:
- EviBITB — Detection and removal of BITB (Browser-in-the-Browser) iframes: EviBITB
- EviPass HSM PGP — Secure password and SSH key management: EviPass
- EviOTP HSM PGP — TOTP/HOTP key management with secure injection: EviOTP
- EviSSH — SSH keys storable in HSM: EviSSH
- EviEngine — Automation without servers or databases: EviEngine
DEF CON 33 — Password Manager and Passkey Vulnerabilities
At DEF CON 33 (August 2025), researchers revealed critical flaws: WebAuthn interception (synced passkeys phishable via spoofed prompts) and DOM clickjacking (11 password managers vulnerable to credential, TOTP and passkey exfiltration). PassCypher HSM PGP eliminates these vectors by Zero-DOM design — no secrets transit through the DOM, no spoofable prompt, no cloud.
The 3 Sovereign MFA Modes
- 1-step authentication: login + password
- 2-step authentication: 1st (login + password) + 2nd (injected OTP PIN)
- 3-step authentication: 1st (login) + 2nd (password) + 3rd (injected OTP PIN)
Why Sovereign Architecture Still Matters
While many password managers claim to offer privacy and security, their architectures remain fundamentally dependent on centralized services, external legal jurisdictions, and cloud infrastructures — exposing users, even in Europe, to legal and technical vulnerabilities that contradict Zero Trust principles.
Invented in France, Developed in Andorra: PassCypher HSM PGP was invented in France by a French cybersecurity expert and is developed in Andorra by Freemindtronic — the company he founded. Based on an international patent of French origin, PassCypher is the only 100% sovereign password manager that works fully offline, with no server, no database, no account, and no user identification.
Legal and Technical Independence
Unlike traditional managers that still rely on master passwords, cloud synchronization, or identity providers, PassCypher HSM PGP offers full legal and technical independence. It is natively immune to extraterritorial laws such as the CLOUD Act, FISA, and equivalent frameworks — ensuring unparalleled protection in air-gapped, Zero Trust, or military-grade environments.
International patent coverage: France, European Union, United States, United Kingdom, Japan, South Korea, and China.
Comparison with Cloud-Based Password Managers
| Feature | PassCypher | Bitwarden | 1Password | Proton Pass | KeePassXC |
|---|---|---|---|---|---|
| 100% native offline mode | ✅ | ❌ | ❌ | ❌ | ✅ |
| Serverless architecture | ✅ | ❌ | ❌ | ❌ | ❌ |
| No master password | ✅ | ❌ | ❌ | ❌ | ❌ |
| OTP private key management + real-time autofill | ✅ | ❌ | ❌ | ❌ | ❌ |
| Anti-BITB phishing protection | ✅ | ❌ | ❌ | ❌ | ❌ |
| Segmented AES-256 CBC encryption | ✅ | ❌ | ❌ | ❌ | ❌ |
| Air-gapped compatibility | ✅ | ❌ | ❌ | ❌ | ✅ |
| Europe sovereign tech (Andorra/France) | ✅ | ❌ USA | ❌ Canada | ❌ Switzerland | ❌ Eastern EU |
Use Cases
Benefits
- Enhanced security: Eliminate common attack surfaces with a serverless, database-free, and fully offline architecture.
- User anonymity: Maintain complete anonymity using zero-trust and zero-knowledge principles — no accounts, no identifiers, no tracking.
- Productivity boost: Automate secure logins in under a second with one-click access.
- Effortless deployment: Set up in minutes without a master password, cloud services, or third-party authentication.
- Built-in OTP (2FA) manager: Automatically handles TOTP and HOTP keys, generates secure PIN codes, and fills them in real time — only if the sandboxed URL matches.
- Military-grade sovereignty: Operates entirely offline, compliant with air-gapped environments and sensitive operational contexts.
Technical Specifications
- Encryption: AES-256 CBC PGP with segmented key architecture
- Auto encryption: Real-time AES-256 CBC encryption on container creation (URL, credentials, OTP keys)
- Storage flexibility: Local disk, removable drives, NFC HSM, or cloud (encrypted)
- Compatibility: Windows, macOS (Chromium-based browsers)
- Browser integration: Extensions for Chrome and Edge
Recognition and Compliance
Higher compliance level than cloud password managers — differentiating advantage for critical entities and regulated sectors.
- Intersec Awards 2026 — Best Cybersecurity Solution Finalist (Dubai): PassCypher finalist Intersec Awards 2026
- GDPR Article 5 and 32 — Data minimization, Zero Knowledge
- NIS2 (Europe) — Serverless architecture, no third-party dependency
- DORA — Operational resilience, infrastructure under control
- CRA — EU Declaration of Conformity (Module A)
- NIST Cybersecurity Framework 2.0 — Alignment with Govern, Protect, Detect
- ISO/IEC 27001 — Information security
- CLOUD Act / Patriot Act immunity (USA) — No data with providers subject to extraterritorial jurisdictions
- Air-gapped infrastructure compatibility — Isolated environments
- Zero Trust and Zero Knowledge by design — Native
- Quantum resilience (by design) — AES-256 (symmetric), scalable
- NFC ISO/IEC 14443 & 15693 — Compatible with PassCypher NFC HSM
Download
PassCypher Engine (Paid version):
PassCypher HSM PGP extension: