DuckDuckGo’s password manager has a range of robust security protections in place to keep your passwords safe and accessible only by you.
- On-device encryption & storage
- Locks access behind secure on-device authentication
- Lets you generate secure passwords on the fly
- Phishing protection for autofill
- Sync & Backup is easy to set up when you’re ready
On-Device Encryption & Storage
Unlike other browsers and password managers, you won’t have to set up another account to remember or autofill passwords in DuckDuckGo. That’s because we don’t store your passwords in the cloud by default — we encrypt them (via 256-bit AES) before stashing them securely on your device.
Biometric or Passcode Unlock
We designed our password manager to leverage the security built into your Apple, Windows, and Android devices. Your saved passwords can only be accessed or used after authenticating with built-in biometric security, for example Face ID or Touch ID, or your passcode.
Secure Password Generation
Using the same password for different sites makes that password less secure, and remembering unique passwords for all your sites can be a pain. The DuckDuckGo password manager gives you one-touch access to a strong random password whenever you sign up to a new site, which you can easily access whenever you sign back in.
Phishing Protection
Once you’ve saved a login for a website, we won’t show you an autofill prompt unless that domain’s signature matches one of your saved passwords. If you’ve saved a password, autofill prompts won’t appear for sign-in forms on sites pretending to be the real website, and we’ll never pre-fill your saved passwords without prompting you first — if something about the site seems dodgy you can choose not to proceed.
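The prompt decision described above, sketched as an added example (this is not DuckDuckGo's code). It assumes a saved login is offered only on an exact HTTPS host match; the function names and the sample logins are constructed for illustration.

```javascript
// Constructed sample data: hosts the user has saved logins for.
const savedLogins = [
  { host: "accounts.example.com", username: "alice" },
  { host: "bank.example.org", username: "alice@example.org" },
];

// Reduce a page URL to the host used for matching.
// Returns null for pages that must never get an autofill prompt.
function matchableHost(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // not a parsable URL
  }
  // Assumption of this sketch: no prompt on non-HTTPS pages.
  if (url.protocol !== "https:") return null;
  // URL.hostname is lowercased, excludes any "user@" prefix, and is
  // IDNA-encoded, so a homoglyph host shows up as an xn-- label
  // instead of comparing equal to the ASCII original.
  return url.hostname.replace(/\.$/, ""); // drop a trailing root dot
}

// Saved logins whose host is exactly the page's host.
function loginsToOffer(pageUrl, logins) {
  const host = matchableHost(pageUrl);
  if (host === null) return [];
  return logins.filter((login) => login.host === host);
}

// Nothing is filled silently: the result is either "no-prompt" or a
// prompt the user still has to confirm.
function autofillDecision(pageUrl, logins) {
  const matches = loginsToOffer(pageUrl, logins);
  if (matches.length === 0) return { action: "no-prompt" };
  return {
    action: "prompt-user",
    usernames: matches.map((login) => login.username),
  };
}
```

Exact-host matching is stricter than many password managers, which also offer a login on sibling subdomains of the same registrable domain; doing that safely needs the Public Suffix List rather than string suffix checks.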
End-To-End Encrypted Sync & Backup
If you set up private Sync & Backup in DuckDuckGo, we store your data on our servers in a way that prevents us and others from reading it but lets you access up-to-date logins in DuckDuckGo browsers on your other devices.
End-to-end encryption means your data is encrypted before it’s uploaded to DuckDuckGo’s servers and is only decrypted after it’s downloaded onto your device. In other words, it’s encrypted from one end (the first device) to the other end (a second device) and is only readable from your devices that contain the encryption key.
That means DuckDuckGo does not have access to the encryption key and cannot read the data stored on our servers.