
Does your password manager trust you — or do you trust it?

What makes this confusing

The trust question in password management is usually framed in one direction: can you trust the password manager company? That question is valid. It misses the complementary question that the design of the product itself answers: does the product trust you to make your own decisions?

A password manager that trusts you gives you the master password as the single point of control. Forget the master password and the vault is inaccessible — because you are the only one who should be able to get in. A password manager that trusts you gives you export functionality without restrictions. A password manager that trusts you makes self-hosting possible because it doesn't need to keep you on its platform to maintain control.

A password manager that doesn't trust you keeps the ability to reset your access, limits exports to prevent switching, restricts device access to maintain premium conversions, or makes the transition away from the product difficult. These design choices reveal how the company models its relationship with the user.

What people usually assume

The assumption 'account recovery options show the company cares about users' has two interpretations depending on how recovery is implemented. Recovery options that work by giving you more recovery paths you control (backup codes, emergency contacts, recovery phrases) reflect trust in you. Recovery options that work by giving customer support the ability to override access reflect trust in the company's processes over your cryptographic control. Zero-knowledge account recovery is additive; account recovery that bypasses zero-knowledge is a reduction in the security model.
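The distinction between additive recovery and recovery that bypasses zero-knowledge is easier to see in code. The following is an added example, not code from this guide or from any product it names. It models two server designs with the same stdlib-only building blocks: the vault key is wrapped under a key derived from the master password, and optionally under a key derived from a user-held recovery phrase (additive), or under a key the provider holds (escrow). The key-wrap routine is a toy construction built from HMAC so that the example runs without third-party libraries; a real product would use an AEAD such as AES-GCM. All user names, secrets and the iteration count are constructed values.

```python
import hashlib
import hmac
import os
import secrets

# Constructed value for the demo; real products choose their own KDF settings.
KDF_ITERATIONS = 100_000


def derive_kek(secret: str, salt: bytes) -> bytes:
    """Stretch a user-held secret (master password or recovery phrase) into a key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, KDF_ITERATIONS, dklen=32)


def wrap_key(kek: bytes, vault_key: bytes) -> bytes:
    """Toy authenticated key wrap: XOR the 32-byte vault key with an HMAC-derived one-time
    keystream, then append an HMAC tag. Stands in for AES-GCM (absent from the stdlib)."""
    nonce = os.urandom(16)
    keystream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(vault_key, keystream))
    tag = hmac.new(kek, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    """Reverse wrap_key; raises if the wrong key was used or the blob was altered."""
    nonce, ciphertext, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    keystream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))


class ZeroKnowledgeServer:
    """Additive recovery: the vault key is wrapped once under the master password and once
    under a user-held recovery phrase. The server stores only salts and ciphertexts, so no
    support workflow can produce the vault key."""

    def __init__(self):
        self.records = {}

    def enroll(self, user: str, master_password: str, recovery_phrase: str) -> bytes:
        vault_key = secrets.token_bytes(32)  # generated and kept on the client
        mp_salt, rp_salt = os.urandom(16), os.urandom(16)
        self.records[user] = {
            "mp_salt": mp_salt,
            "under_master": wrap_key(derive_kek(master_password, mp_salt), vault_key),
            "rp_salt": rp_salt,
            "under_recovery": wrap_key(derive_kek(recovery_phrase, rp_salt), vault_key),
        }
        return vault_key

    def open_vault(self, user: str, secret: str, path: str = "master") -> bytes:
        rec = self.records[user]
        salt, blob = (rec["mp_salt"], rec["under_master"]) if path == "master" \
            else (rec["rp_salt"], rec["under_recovery"])
        return unwrap_key(derive_kek(secret, salt), blob)

    def support_reset(self, user: str) -> bytes:
        # Nothing stored here can be turned into the vault key without a user secret.
        raise PermissionError("zero-knowledge: no server-side path to the vault key")


class EscrowServer(ZeroKnowledgeServer):
    """Recovery that bypasses zero-knowledge: the same vault key is also wrapped under a
    provider-held key, so a support action (or anyone holding the escrow key and the
    database) opens the vault with no user secret at all."""

    def __init__(self):
        super().__init__()
        self.escrow_key = secrets.token_bytes(32)  # provider-held, user never sees it

    def enroll(self, user, master_password, recovery_phrase):
        vault_key = super().enroll(user, master_password, recovery_phrase)
        self.records[user]["under_escrow"] = wrap_key(self.escrow_key, vault_key)
        return vault_key

    def support_reset(self, user):
        return unwrap_key(self.escrow_key, self.records[user]["under_escrow"])


def demo() -> dict:
    """Exercise both models and report which access paths succeed."""
    zk, es = ZeroKnowledgeServer(), EscrowServer()
    pw, phrase = "correct horse battery staple", "apple river candle stone"  # constructed
    zk_key = zk.enroll("alice", pw, phrase)
    es_key = es.enroll("alice", pw, phrase)
    result = {
        "zk_master": zk.open_vault("alice", pw) == zk_key,
        "zk_recovery": zk.open_vault("alice", phrase, path="recovery") == zk_key,
        "es_support": es.support_reset("alice") == es_key,
    }
    try:
        zk.open_vault("alice", "wrong password")
        result["zk_wrong"] = True
    except ValueError:
        result["zk_wrong"] = False
    try:
        zk.support_reset("alice")
        result["zk_support"] = True
    except PermissionError:
        result["zk_support"] = False
    return result


if __name__ == "__main__":
    print(demo())
```

The point the demo makes: adding a recovery phrase gives the user a second key they control without giving the server anything new it can use, whereas the escrow wrap is a standing capability on the server side, which is why support-driven reset is a change to the security model rather than a convenience on top of it.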

A second assumption is that free tier restrictions are neutral pricing decisions. Free tier restrictions reveal what the company considers leverage: limiting device access keeps users from leaving, even when the underlying product could support unlimited devices at negligible cost. LastPass's 2021 free tier restriction — from unlimited devices to one device type — can be read as a pricing decision and, at the same time, as a strategy to make the free tier painful enough to convert users. The product trusted you with unlimited access until it needed to monetise more aggressively.

A third assumption is that data portability is a minor feature. The ease with which you can leave a product is one of the strongest signals of the company's trust in its own product. A company confident in its product makes leaving easy — good exports, standard formats, no friction. A company that fears departure restricts exports, makes format conversions difficult, or designs the vault structure in ways that don't map cleanly to competitors' formats.

What's actually true

Products that structurally trust users: Bitwarden provides full vault exports in multiple formats, including an encrypted JSON export that can be taken anywhere. It provides self-hosting. The free tier has no device caps. Emergency access is configured by you, not granted by customer support. The master password is the only path in — there is no backdoor regardless of circumstance.

Products with mixed signals: LastPass historically offered unlimited free access and then restricted it when business pressures changed. The 2022 breach disclosures were staged and incomplete in ways that prioritised legal protection over user clarity. The post-breach iteration count increases were meaningful improvements — but they were improvements from settings that were inadequate before the breach occurred.

The trust question and the security question are related but distinct. A product can be cryptographically sound while being commercially structured in ways that prioritise retention over user autonomy. A product can have good commercial ethics while having less robust cryptography. Evaluating both dimensions separately, then considering how they combine, is more accurate than collapsing them into a single trust judgement.

Where this leads

Bitwarden

If user autonomy and the ability to leave freely are important criteria — Bitwarden's combination of unlimited free tier, full exports, self-hosting, and zero-knowledge with no customer support recovery reflects the most complete 'we trust you' architecture.

Bitwarden — the architecture of user autonomy

If you want to understand what the privacy policy of your current manager reveals about how the company models its relationship with you — the privacy policy reading guide covers the specific signals that distinguish genuine commitments from legal flexibility.

How to read a password manager privacy policy

If the LastPass commercial decision history is relevant to your evaluation — the breach guide covers not just the technical incident but the disclosure timeline decisions that shaped how users experienced it.

The LastPass 2022 breach — including the disclosure timeline

Limits of this guide

Commercial trust and cryptographic trust are related but independent properties. A company with excellent user-autonomy design can still have a breach. A company with commercial practices you find unsatisfying may have strong cryptographic architecture. This guide addresses the commercial trust dimension; the security architecture dimension requires separate evaluation.
