Password managers that encrypt URL metadata

Every major password manager encrypts your passwords. Fewer encrypt the metadata that surrounds them — the website URLs, vault item titles, and usernames saved alongside credentials. This distinction matters because the 2022 LastPass breach made it concrete: attackers obtained encrypted vault data alongside the unencrypted list of every website each affected user has accounts on. The passwords were protected by encryption. The map of each person's digital life was not.

Metadata encryption is not a widely advertised feature because most providers don't offer it. The assumption has been that URLs are not sensitive. The LastPass incident challenged that assumption directly: knowing which websites someone uses enables targeted phishing, informed credential stuffing, and social engineering that a list of random encrypted blobs does not.

Quick answer

You want full field encryption including URLs and titles

Proton Pass — the only provider in this comparison that encrypts URL metadata, titles, and usernames as well as passwords

When it matters

Proton Pass encrypts all vault item fields end-to-end: the website URL, the item title, the username, any notes, and the password itself. An attacker who accesses Proton's server infrastructure sees encrypted blobs with no readable structure — not just encrypted passwords alongside readable URLs.

Every other provider in this comparison stores URL metadata in plaintext on their servers. This is standard industry practice and predates widespread metadata threat awareness. It is not a sign of negligence; it is an architectural choice made when the password was considered the only sensitive field.

Bitwarden — passwords encrypted; URLs stored in plaintext on servers
LastPass — passwords encrypted; URLs stored in plaintext (confirmed exposed in 2022 breach)
Dashlane — passwords encrypted; URL metadata not encrypted
Keeper — passwords encrypted; URL metadata not encrypted
NordPass — passwords encrypted; URL metadata not encrypted
Proton Pass — all fields including URL, title, and username encrypted end-to-end

When it fails

Metadata encryption only protects against server-side exposure — if your device is compromised and the vault is unlocked, all fields are visible regardless of server-side encryption
Proton Pass is a newer product — the metadata encryption architecture is sound and audited, but the product has a shorter track record than Bitwarden or Dashlane
No emergency access feature — Proton Pass does not currently offer a trusted-contact emergency access mechanism

How providers fit

Proton Pass is the only provider in this comparison that encrypts URL metadata. This is the architectural response to the gap the 2022 LastPass breach exposed. Swiss jurisdiction, open-source clients, Cure53 audit, and SimpleLogin email alias integration complete the privacy stack. The free tier is unlimited.

Bottom line

If metadata encryption is a requirement, Proton Pass is the only option in this comparison. If you want strong encryption without metadata coverage, Bitwarden offers the most auditable alternative. The metadata encryption gap is a real architectural difference — the LastPass breach made it impossible to dismiss as theoretical.

Privacy-focused password managers Is LastPass still safe after the 2022 breach Password managers by jurisdiction