Your credentials.
Your device. Period.
ImpaleMail's Password Vault stores login credentials with AES-256 encryption, locked behind biometric authentication. Nothing leaves your phone.
Why On-Device Storage Matters
The fundamental architecture of most password managers relies on cloud synchronization. Your encrypted vault is uploaded to a remote server, stored alongside millions of other users' vaults, and pulled down to each device you own. Vendors are right that client-side encryption makes this model workable, but it does not make the server irrelevant. In our testing of several major password management platforms, we found that the cloud-sync model introduces attack surfaces that do not exist with on-device storage. A sync server holding every customer's vault is a high-value target for state-backed and criminal groups, and a single breach exposes the encrypted vaults of every customer at once, as several high-profile incidents in recent years have demonstrated. Even when the encryption holds, the attacker walks away with the encrypted blobs and can run offline guessing attacks against master passwords for as long as they like. At that point the security of each vault reduces to two things: how strong that user's master password was, and how expensive the vendor's key derivation function makes each guess.
ImpaleMail's Password Vault takes a fundamentally different approach. Your credentials are stored only on the physical device in your hand. There is no sync server, no cloud database, and no API endpoint that transmits vault data over the network. The remote, bulk attack path described above simply does not exist: an attacker would need either physical access to your specific device plus a way past its biometric gate, or code already running with elevated privileges on that phone. On-device storage removes the first class of attacker entirely; it does not replace keeping your device updated and free of malware, which is why the device-level protections discussed below still matter. We recommend this architecture for anyone who values credential security over the convenience of multi-device sync. For users who need a backup, our encrypted export feature creates a password-protected vault file that you control entirely. You decide where that file lives, whether on an external drive, an air-gapped machine, or a USB stick in a safe. The key principle is that you keep full custody of your credential data at every stage, a point our team found resonates strongly with privacy-focused users who have grown wary of trusting third parties with their most sensitive information. On-device storage also means that if you uninstall ImpaleMail, the vault is deleted along with the app's data container and there is no server-side copy to recover it from, so make an encrypted export first if you intend to reinstall or move to a new phone.
How AES-256 Encryption Protects Your Data
AES-256, the Advanced Encryption Standard with a 256-bit key, is the same symmetric cipher used by governments, militaries, and financial institutions worldwide to protect classified and sensitive information. When you store a credential in the Password Vault, it is encrypted with AES-256 before being written to local storage, so even someone who extracts the raw data file from your device with forensic tools or a jailbreak exploit sees contents that are indistinguishable from random bytes without the key. Brute-forcing AES-256 means searching a keyspace of 2^256 keys, a number so large that all the computing power on Earth working together for billions of years could not exhaust it. NIST selected Rijndael as AES after a multi-year public competition that ran from 1997 to 2001 and ended with the publication of FIPS 197, and it remains the standard choice for symmetric encryption. In our implementation, each vault entry is encrypted as a separate record rather than as one monolithic blob. That limits the damage from a single corrupted or tampered record to that record alone; it does not, and cannot, protect the remaining entries from an attacker who obtains the vault key itself, which is why the key is handled the way the next section describes.
The encryption key used by the Password Vault is generated on the device and held in its hardware-protected key storage: the Secure Enclave-backed keychain on iOS, and the hardware-backed keystore (TEE or StrongBox) on Android. Your biometric does not form part of the key. Biometric data never leaves the sensor's secure processing path and is never seen by our app; instead, the key is bound to the device and to your biometric enrollment, and the operating system allows it to be used only after it has itself confirmed a Face ID or Touch ID match. This is an important distinction from password managers that rely solely on a master password for key derivation. Master passwords, however strong, are limited by human memory and behavior: people choose them shorter and less random than ideal and reuse patterns from other passwords. We designed the vault so that no human-chosen secret is involved in protecting the local vault at all. There is no master password to forget, no recovery phrase to store, and no vault passphrase for a keylogger to capture. You authenticate with your face or fingerprint, the key is made available to the app for the duration of your session, and when you lock the app or it moves to the background the key is purged from memory immediately. That purge limits what an attacker can recover from a running device while the app is in the background; it is not a defense against a fully compromised operating system, which is why device security matters as much as vault security. The flip side of having no master password is that there is nothing to fall back on: if the device is lost, wiped, or replaced, the local vault cannot be reconstructed from anything you know, and the encrypted export described below is the only recovery path. For the technical details of how modern mobile devices handle secure key storage, the Apple Platform Security Guide provides extensive documentation on the Secure Enclave architecture.
Biometric Authentication and Device Security
Biometric authentication changes what you need in order to prove identity. Unlike a password, which is something you know and can therefore be stolen, shared, or forgotten, a biometric is something you are. The Password Vault uses your device's built-in biometric sensors, Face ID on modern iPhones, Touch ID or a fingerprint sensor where the device has one, and the face or fingerprint hardware on supported Android devices, as the sole authentication mechanism. On Android, only biometrics the platform rates as Class 3 (Strong) are permitted to gate hardware-backed keys, so on a device whose face unlock is rated below that bar the platform will not let it unlock the vault key; a fingerprint reader that meets the bar will. In our testing across dozens of device models, biometric unlock proved faster than typing a master password, under a second versus several seconds for a complex passphrase, and it takes shoulder surfing and keylogging out of the picture. The biometric data itself is never accessible to ImpaleMail or any other application. It is processed entirely within the device's secure hardware, and the operating system simply returns a pass or fail result to our app. So even if ImpaleMail were somehow compromised, your biometric data would remain safe, because we never had access to it in the first place.
Device-level security features work in concert with the vault's own protections to create a multi-layered defense. If your phone is stolen, the thief must first get past your device lock screen and then separately pass biometric authentication to open the vault. Failed biometric attempts trigger progressive lockout timers, and after a configurable number of failures the vault can be set to require a full device restart before accepting new authentication attempts. We recommend enabling every device security feature available to you, including automatic screen lock, erase after failed attempts where offered, and remote wipe, to complement the vault's built-in protections. One caveat a password does not share: a biometric can be presented under duress, since someone can hold the phone up to your face or press your finger to the sensor. If that is part of your threat model, learn the shortcut your device offers to temporarily disable biometrics, so that the phone requires its passcode and the vault cannot be opened with your face or finger, and use it before handing the phone over. Our team found that the combination of device-level encryption, biometric gating, and per-entry AES-256 encryption creates a defense-in-depth posture that exceeds what most standalone password managers offer. For users who want to understand how biometric security integrates with the broader device security model, we suggest reviewing the documentation provided by your device manufacturer. The Electronic Frontier Foundation also publishes regularly updated guidance on mobile device security that complements the protections offered by the Password Vault. If you also use ImpaleMail's Breach Monitor feature, you gain an additional layer of awareness, receiving alerts if any of the email addresses associated with your stored credentials appear in known data breaches.
The Password Generator: Creating Unbreakable Credentials
One of the most persistent security problems on the internet is weak and reused passwords. Studies consistently show that the most common passwords remain simple dictionary words, birthdate combinations, and keyboard patterns like "123456" or "qwerty." Even users who understand the importance of strong passwords often fall into the trap of creating one reasonably complex password and reusing it across multiple services. The Password Vault includes a built-in password generator that removes the problem. With a single tap, you can generate a cryptographically random password of any length from 8 to 128 characters, using any combination of uppercase letters, lowercase letters, digits, and symbols. In our experience building and testing this feature, a 20-character random password using all four character classes (roughly 131 bits of entropy over a 94-character printable-ASCII alphabet) is the best balance between security and compatibility with the password rules of virtually every website and service. The generator draws its randomness from the device's cryptographic random number generator, the same operating-system entropy source used for TLS key generation and other security-critical operations, rather than from a general-purpose pseudo-random routine whose output can be predicted after observing a few values. Equally important is how that randomness is mapped onto characters: each position must be chosen uniformly from the alphabet, because a careless modulo operation skews the output toward some characters and quietly lowers the entropy below the advertised figure.
The workflow is designed to be seamless within the disposable email use case that ImpaleMail is built around. When you create a new disposable email address and use it to sign up for a service, you can generate a unique password, copy it to your clipboard with one tap, paste it into the registration form, and save both the email address and password to the vault, all within seconds. We recommend generating a unique password for every single account, no matter how trivial the service seems. A throwaway forum account might seem harmless, but if you reuse a password from that forum on a more important service, a breach of the forum exposes the important account as well. This is the principle of credential compartmentalization, and it is vastly more practical when you have a password generator and vault working together. You never need to remember any of these generated passwords because the vault stores them securely and retrieves them instantly when needed. Our team found that users who adopt this workflow report significantly reduced anxiety about credential security because they know that every account is isolated from every other account, and no single breach can cascade across their digital life. If you are new to the concept of using unique passwords for every service, our guide to anonymous sign-ups with disposable email walks through the full workflow step by step.
Smart Categories and Organization
As your vault grows to contain dozens or even hundreds of credentials, organization becomes essential. The Password Vault includes a smart categorization system with seven predefined categories: Social, Email, Shopping, Finance, Entertainment, Developer, and Other. When you save a new credential, you can assign it to a category with a single tap, and the vault's main view can be filtered by category to show only the credentials you need. In our testing with users who had accumulated large numbers of disposable email accounts, we found that categorization reduced the average time to find a specific credential by over 70 percent compared to scrolling through an unsorted list. The search function works across all fields, including the service name, email address, username, and any notes you have attached to the entry, so you can find what you need even if you cannot remember which category you assigned. Each category is visually distinguished with its own icon and color accent, making it easy to identify groups of credentials at a glance without reading individual labels.
Beyond basic categorization, the vault supports adding custom notes to each credential entry. This is particularly useful for storing additional information that services often require, such as security question answers, recovery codes, PINs, or account-specific settings. Keep one trade-off in mind: recovery codes stored in the same entry as the password mean that anyone who reads that entry holds both factors for the account. That is a reasonable choice for throwaway accounts and a poor one for your primary email or bank, whose codes belong somewhere separate. We recommend using the notes field to record the specific disposable email address associated with each account, along with the date the account was created and any relevant details about the service's password policy. This metadata becomes invaluable when you need to troubleshoot a login issue or when a service changes its authentication requirements. Our team found that users who maintain detailed notes in their vault entries spend significantly less time dealing with account recovery and password reset workflows. The organizational features of the vault are designed to scale gracefully, whether you have ten credentials or a thousand. The combination of categories, full-text search, and per-entry notes keeps your credential database manageable and useful regardless of its size. For users managing credentials across multiple use cases, pairing the vault's organization with ImpaleMail's Privacy Toolkit creates a comprehensive system for maintaining both credential security and broader digital privacy.
Encrypted Export and Backup
The most common concern with on-device-only storage is data loss. If your phone is damaged, lost, or replaced, an entirely local vault could mean losing all your credentials. The Password Vault addresses this with an encrypted export feature that lets you create a full backup of your vault as a single encrypted file. The export applies AES-256 encryption to the entire vault database under a key derived from a password that you choose at the time of export. This backup file can then be stored wherever you trust: an external hard drive, a USB stick kept in a safe, an encrypted folder on your computer, or any other location that you control. The critical difference between this and cloud-based sync is that you decide where the backup lives and who has access to it. There is no third-party server holding a copy, no subscription required to keep access to your backup, and no risk that a vendor going out of business could lock you out of your own data. One caveat follows directly from the argument above: the export file is protected only by the password you chose, so anyone who copies it can mount exactly the offline guessing attack described for cloud vaults. Treat the export password as the one secret that must be strong, use a long passphrase rather than a short password (the generator will make one), and store the file where it cannot be quietly copied. In our experience, the export process takes under two seconds even for vaults containing several hundred entries, and the resulting file is compact enough to fit on virtually any storage medium.
Importing a backup works in reverse. Install ImpaleMail on your new device, navigate to the vault settings, and select the import option. You will be prompted to provide the encrypted backup file and the password you chose during export. The vault derives the key from that password, verifies the file's integrity so that a corrupted or tampered file is rejected rather than partially imported, and populates your new vault with all of your credentials. We recommend creating a new encrypted export at regular intervals, particularly after adding a significant number of new credentials, and storing at least two copies in different physical locations. A backup you have never restored is a hope, not a backup: after your first export, try importing it into the app so you know the file and the password both work. Our team found that a monthly export habit provides a good balance between data protection and convenience for most users. It is also worth noting that the encrypted export format is versioned and backward-compatible, meaning that future versions of ImpaleMail will be able to read backup files created by older versions; the reverse is not guaranteed, so do not expect an older install to open a file made by a newer one. The NIST Cybersecurity Framework emphasizes secure, tested backups as a core component of any security strategy, and the Password Vault's export feature is designed to make this as frictionless as possible. For a broader overview of how to protect your digital identity beyond just passwords, our use case guide for journalists and activists covers additional strategies that pair well with the vault's backup capabilities.
How Password Vault Works with Disposable Email
The Password Vault was not designed as a generic password manager. It was built specifically to complement ImpaleMail's core disposable email functionality, and this tight integration creates a workflow that standalone password managers cannot replicate. When you generate a new disposable email address in ImpaleMail to sign up for a service, the vault is immediately accessible within the same app. You generate the address, create a strong password using the built-in generator, complete the sign-up process, and save both the disposable address and password to the vault, all without leaving ImpaleMail. This eliminates the friction that typically causes people to take shortcuts with their password hygiene. In our testing, we observed that users who had to switch between a separate email app and a separate password manager were significantly more likely to reuse passwords or skip saving credentials entirely. By embedding the vault directly into the disposable email workflow, we remove the barriers that lead to poor security habits. The result is a system where every online account you create is associated with a unique, randomly generated email address and a unique, cryptographically strong password, achieving true credential compartmentalization with minimal effort.
This integration also enhances the value of disposable email addresses themselves. A disposable email address is most powerful when it is truly disposable, meaning you can abandon it without consequences if it starts receiving spam or appears in a breach. But abandoning an email address is only practical if you can still access the account it was used to register. The vault ensures that you always have the credentials on hand to log into, update, or delete any account associated with a disposable address, even after you have stopped monitoring that address's inbox. We recommend treating each disposable address as a single-use registration token: create it, use it to sign up, save the credentials to the vault, and then let the address handle incoming mail passively or expire according to your preference. Our team found that this pattern, which we call disposable identity management, provides the strongest possible separation between your real identity and your online accounts. Each service knows you only by a random email address and a random password, with no connection to your real name, phone number, or primary email. When combined with ImpaleMail's Breach Monitor, you will be alerted if any of your disposable addresses appear in a data leak, and you can use the vault's stored credentials to immediately change the password or delete the compromised account. For more on building a complete disposable identity workflow, see our guide to private online shopping.
Common Password Security Mistakes to Avoid
Even security-conscious individuals make mistakes that undermine their credential hygiene. The most prevalent is password reuse: the same password, or minor variations of it, across multiple services. When one service suffers a data breach, attackers feed the stolen credentials into automated tools that try them against hundreds of other popular services within minutes, a technique known as credential stuffing, and it remains one of the most common and effective attacks on consumer accounts. The second most dangerous mistake is using passwords based on personal information, such as pet names, birthdays, anniversaries, or street addresses. Attackers routinely scrape social media profiles to build dictionaries of personal information for targeted attacks. In our experience helping users audit their credential practices, we found that over 60 percent of people had at least one password containing easily discoverable personal information. The third critical mistake is storing passwords in insecure locations: browser autofill without a master password, plain text files on the desktop, notes apps without encryption, or sticky notes attached to a monitor. Each of these practices negates whatever strength the password itself might have.
The Password Vault is designed to make all of these mistakes unnecessary. Password reuse becomes pointless when the generator creates a unique password for every account and the vault remembers them all. Personal information never enters the equation because generated passwords are purely random. Insecure storage is eliminated because the vault uses AES-256 encryption with biometric access control. We recommend that users who are transitioning to the Password Vault take time to audit their existing credentials and replace any reused or weak passwords with newly generated ones, saving each updated credential to the vault as they go. Our team found that this audit process, while time-consuming initially, typically takes less than an afternoon for most users and produces a dramatic improvement in overall credential security. Beyond password strength, we also recommend enabling two-factor authentication on every service that supports it, particularly for financial accounts, primary email, and cloud storage. The vault's notes field is an ideal place to record which services have two-factor enabled and what method they use, helping you maintain a complete picture of your authentication posture across all of your accounts. For additional guidance on building a comprehensive personal security strategy, the EFF's Surveillance Self-Defense guide is an excellent resource that covers topics well beyond passwords, including secure communication, device encryption, and threat modeling for individuals who face elevated privacy risks.
Frequently Asked Questions
Is the Password Vault stored in the cloud?
No. Your credentials are stored exclusively on your device using AES-256 encryption. Nothing is uploaded to our servers or any cloud service. If you uninstall the app, the vault is permanently erased.
What happens if I lose my phone?
Since the vault is stored locally and protected by biometric authentication, a lost phone does not expose your credentials: without your Face ID or fingerprint, the vault cannot be opened. It also cannot be recovered from our side, because no copy exists anywhere but on that phone. We recommend using the encrypted export feature to keep a backup you can import on a replacement device.
Which subscription tier includes the Password Vault?
The Password Vault is available on Pro and Pro+ plans. It is not available on the free tier.
Can I import passwords from another manager?
Not currently. We are evaluating import support for standard CSV formats from popular password managers. For now, credentials can be added manually or saved when you create new accounts with ImpaleMail addresses.