Combine multiple encryption algorithms for enhanced security. Layered encryption for maximum protection. Choose your preferred encryption algorithm and key length for personalized security preferences. Password.app gives you control over how your sensitive data is encrypted.
AES-GCM (Default)
Provides both encryption and authentication, offering the highest security. Recommended for most use cases. Customize key derivation functions. Control how encryption keys are generated.
AES-CBC
Cipher Block Chaining mode, widely supported and compatible with many systems.
AES-CTR
Counter mode, offering good performance and parallelization capabilities.
128-bit
Standard security level, suitable for most everyday use cases.
192-bit
Enhanced security level, offering a good balance between security and performance.
256-bit (Default)
Maximum security level, recommended for highly sensitive data.
When sharing a password or file, click the "Advanced Options" button
Select your preferred encryption algorithm from the dropdown menu
Choose your desired key length (128, 192, or 256 bits)
Continue with the sharing process as normal
When decrypting shared content, Password.app automatically detects the encryption algorithm and key length used, so the recipient doesn't need to know these details. However, for maximum security, we recommend using AES-GCM with 256-bit keys whenever possible. Secure sharing options. Share encrypted data safely.
| Algorithm | Security | Performance | Best For |
|---|---|---|---|
| AES-GCM (256-bit) | Excellent | Good | Maximum security needs |
| AES-CBC (256-bit) | Very Good | Very Good | Compatibility with older systems |
| AES-CTR (256-bit) | Very Good | Excellent | Performance-critical applications |
| AES-GCM (192-bit) | Very Good | Very Good | Balance of security and performance |
| AES-GCM (128-bit) | Good | Excellent | Everyday use cases |
For most everyday use cases, AES-128 provides adequate security. However, AES-256 offers a higher security margin and is recommended for sensitive data, especially considering future advances in computing power. The performance difference is minimal in modern browsers, so we default to AES-256 for maximum security.
Different scenarios may require different encryption approaches. While AES-GCM is our recommended default for its security properties, AES-CBC might be needed for compatibility with certain systems, and AES-CTR can offer performance benefits in specific use cases. We believe in giving you control over your security choices.
When you encrypt data with Password.app, we include metadata about the encryption method used (algorithm and key length) within the encrypted payload. This metadata is itself encrypted, ensuring that only the recipient with the correct unlock key can determine how to decrypt the data. This approach allows for seamless decryption without requiring the recipient to know the specific encryption settings used. Encrypt with confidence. Your data never leaves your device.