SoftSol

Titan Password Vault

Private · Self-hosted · Zero-knowledge encryption

Titan is SoftSol’s private, self-hosted password management platform for organisations. Every password, every credential, every secure note is encrypted entirely on your own devices before it ever leaves them. SoftSol manages the server — but we cannot read your vault. Nobody can, without your master password.

What you get

Unlimited Password Storage

Store passwords, passkeys, credit card details, secure notes, and identity records. No artificial per-item limits.

Organisation & Team Sharing

Create shared collections for teams — IT, finance, operations. Each collection has its own access controls. Individuals only see what they are permitted to see.

Browser Extensions

Auto-fill credentials in Chrome, Firefox, Edge, and Safari. Detect weak, reused, or breached passwords as you browse.

Mobile Clients

Native apps for iOS and Android with biometric unlock (Face ID, fingerprint). Your vault syncs instantly across all your devices.

Desktop Clients

Full-featured desktop applications for Windows, macOS, and Linux. Works offline and syncs when connectivity is restored.

Two-Factor Authentication

Enforce 2FA for all users at the organisation level. Supports authenticator apps, hardware security keys (FIDO2/WebAuthn), and email codes.

How the encryption works

Understanding the architecture is important — it is what makes Titan fundamentally different from storing passwords in a browser or a shared spreadsheet, and it is what makes the guarantee that nobody else can read your vault technically enforceable rather than a marketing claim.

1

Your master password never leaves your device

When you set your master password, it is not sent to the server — not in plain text, not hashed, not in any form. Instead, your device uses it as raw material for the next step. The server never receives it and therefore cannot store, leak, or be compelled to reveal it.

2

A vault key is derived from your master password — on your device

Your device runs your master password through a slow, computationally expensive one-way key derivation function (Argon2id or PBKDF2 with a high iteration count). This produces a cryptographic key — your vault key. The algorithm is deliberately slow so that even if an attacker obtained encrypted data, guessing your password by brute force would take an impractical amount of time. The vault key is held in memory only while the app is unlocked and is never written to disk.

3

All vault data is encrypted locally with AES-256 before leaving your device

Every item in your vault — passwords, notes, card numbers — is encrypted using AES-256-CBC with your vault key before it is transmitted to the server. The server receives and stores only ciphertext: a block of random-looking bytes that is mathematically unreadable without the vault key that produced it.

4

The server stores only encrypted blobs — it has no decryption key

SoftSol’s Titan server manages the sync infrastructure: it receives encrypted vault data, stores it, and delivers it to your authorised devices. It has no vault key and no knowledge of your master password. An attacker who gains full access to the server obtains only encrypted ciphertext — which is useless without the key that exists only in your memory and on your unlocked device.

5

Decryption happens on your device, not on the server

When you unlock your vault, your device downloads the encrypted blob and uses your locally-derived vault key to decrypt it entirely in the client app. Your plaintext passwords are only ever visible on your device, inside the app, while it is unlocked. This is what end-to-end, zero-knowledge encryption means in practice.

Your master password cannot be recovered — by anyone

Because SoftSol never holds your master password or vault key, we cannot reset it or recover it for you. If you forget your master password, your vault data is irretrievably locked. This is a deliberate design choice, not a limitation — it is the same property that makes Titan trustworthy. Treat your master password with the same seriousness as the key to a physical safe. We strongly recommend storing it in a secure, offline location (a printed emergency kit in a fireproof safe, for example).

In plain terms: what this means for your business

  • SoftSol operates the server infrastructure — but we cannot see your passwords.
  • If the server were ever breached, an attacker would obtain only encrypted data — completely unreadable without your master password.
  • A subpoena or legal demand served on SoftSol cannot compel us to produce your passwords — we do not have them.
  • Your team can share credentials in controlled, audited collections without ever emailing or messaging a password.
  • When a staff member leaves, their access is revoked centrally — no hunting for shared passwords to change.

Supported clients

iOS

iPhone & iPad, Face ID / Touch ID

Android

All Android devices, fingerprint unlock

Desktop

Windows, macOS, Linux native apps

Browser Extensions

Chrome, Firefox, Edge, Safari

The Platform

SoftSol Password Manager — Titan

Titan runs on SoftSol’s own private infrastructure. Credentials, secure notes, and identities — protected by end-to-end encryption that only you hold the keys to.

Your data never leaves SoftSol’s servers. Unlike cloud-based password managers that sync credentials to third-party infrastructure, Titan runs exclusively on hardware we control — in South Africa, POPIA-aligned, and auditable.

End-to-End Encrypted

AES-256 on your device before sync. The server never sees your plaintext credentials — not even SoftSol.

AES-256-CBC · PBKDF2 · RSA-2048

Organisation & Team Sharing

Share credentials across teams with fine-grained collections, groups, and permissions — without sharing master passwords.

Organisations · Collections · Groups

Audit & Vault Health

Built-in breach checks, weak and reused password detection, and event logs — so you stay ahead of credential exposure.

Breach Check · Vault Health · Event Logs

  • Zero-knowledge design — master password never transmitted to the server
  • HTTPS enforced with TLS 1.3 — all traffic encrypted in transit
  • POPIA-aligned data handling — your data, your control, stored in South Africa
  • Two-factor authentication supported and enforceable for all accounts
Open Titan

Ready to take control of your organisation’s credentials?

Contact SoftSol to set up Titan for your team — including onboarding, migration from your current tool, and training your staff on the emergency kit process.

Contact SoftSol