General
🧩 What is ZeroKeyUSB?
ZeroKeyUSB is a hardware password manager that stores your credentials completely offline.It behaves like a regular USB keyboard: when you select a saved account, it simply types your login details automatically — no software or internet connection required.
🔌 Does it need an app or subscription?
No.ZeroKeyUSB does not depend on any software, extensions, or subscriptions.
It works instantly when plugged into any computer, phone, or tablet that accepts a USB keyboard.
💻 What devices is it compatible with?
ZeroKeyUSB works universally with:- Windows
- macOS
- Linux
- Android (via USB-C or adapter)
- iPadOS (USB-C models)
🔋 Does it have a battery?
No.ZeroKeyUSB draws minimal power (around 20 mA) directly from the USB port.
This makes it maintenance-free and ensures your credentials are always available — even years later.
🧑💻 How many credentials can it store?
Up to 62 encrypted credentials, each containing:- Website or service name (up to 16 characters)
- Username or email (up to 16 characters)
- Password (up to 16 characters)
- (Optional) TOTP 2FA secret
Security
🔐 How are my passwords protected?
Your credentials are protected by three layers:- AES-128 CBC encryption — every credential is encrypted with a 128-bit key generated by the ATECC608A hardware random number generator. This key is unique to your device.
- PIN verification — your Master PIN is hashed with SHA-256 using the chip’s unique serial number as salt. The hash is compared in constant-time to prevent timing attacks.
- Hardware rate-limiting — a monotonic counter in the ATECC608A secure element tracks every PIN attempt. After 50 consecutive wrong attempts, all data is permanently wiped.
🧠 What happens if I forget my PIN?
For security reasons, there is no PIN recovery.The only option is a Factory Reset, which wipes all encrypted data and lets you create a new PIN.
This ensures that no one — not even the manufacturer — can access your information.
💡 Tip: Choose a memorable PIN and keep an encrypted backup of your credentials.
🕐 Does it connect to the Internet?
Never.ZeroKeyUSB is a fully offline system.
It has no Wi-Fi, Bluetooth, or NFC modules, and it never exchanges data with external servers.
You are the only one who can access the stored information.
💾 Can someone clone my device?
No.Each ZeroKeyUSB contains an ATECC608A secure element with a factory-programmed, unique 9-byte serial number. This serial is used as a salt in the PIN hash, meaning the same PIN on two different devices produces completely different cryptographic keys.
The 128-bit AES master key is also device-unique (generated by the on-chip TRNG at provisioning).
🚫 What happens after too many wrong PIN attempts?
Two levels of protection: Soft backoff (UX layer):| Failed attempts | Waiting time |
|---|---|
| 1 | 5 seconds |
| 2 | 10 seconds |
| 3 | 20 seconds |
| 4 | 40 seconds |
| … | Doubles up to 43 minutes |
🧰 Can the firmware be updated?
Yes, but only with physical access.From the menu (Danger Zone → Bootloader Mode), the device reboots into a USB DFU bootloader.
New firmware must be cryptographically signed — the bootloader checks both a CRC32 and a BLAKE2s MAC before accepting any image. Unsigned firmware triggers a 15-second penalty delay. There is no remote or over-the-air update mechanism.
🔍 Is it really open source?
Yes — for transparency and auditability.Publishing the code lets anyone verify that:
- There are no backdoors or data collection mechanisms.
- Encryption follows established standards (AES-128, SHA-256, HMAC-SHA1).
- All functions operate exactly as described.
Usage
🌍 The keyboard types wrong symbols — what can I do?
Go to Menu → Settings → Keyboard and cycle through the 9 supported layouts:EN-US, DA-DK, DE-DE, ES-ES, FR-FR, HU-HU, IT-IT, PT-PT, SV-SE.
You can also set this during the initial setup wizard.
🧾 Can I back up my data?
Yes.Use Menu → Backup → Export to send all credentials over USB serial in plaintext CSV format.
You can later Import the same backup.
⚠️ Backup files are plaintext. Encrypt them with GPG, age, or a password-protected ZIP, and store offline.
⏱️ How does the 2FA (TOTP) feature work?
ZeroKeyUSB can generate time-based one-time passwords (TOTP) offline.It supports SHA-1, SHA-256, and SHA-512 algorithms.
Once you import a TOTP secret and sync the time, the device displays a 6-digit code with a 30-second countdown — without needing your phone or Internet.
🧼 Is it waterproof?
Yes.Each ZeroKeyUSB unit is fully resin-encapsulated, making it resistant to water, dust, and everyday wear.
It is not designed for submersion, but it will survive accidental spills or rain exposure.
🧱 What if the screen breaks?
Your data remains safe — it’s still encrypted inside the EEPROM.However, you’ll need to contact support for a replacement, as the device cannot be disassembled without breaking the resin seal.
You can still export your credentials via the USB serial interface (the CDC channel works without the display).
🛡️ How long will it last?
ZeroKeyUSB has no moving parts or batteries.The EEPROM is rated for >1 million write cycles per page, and all other components are solid-state.
With normal use, it should last well over a decade.
💬 How can I contact support?
For any questions, reach out directly at📧 support@zerokeyusb.com
or visit zerokeyusb.com/support
ZeroKeyUSB is designed to give you peace of mind — you own your passwords, and your data never leaves your hands.