What does zero-knowledge mean in a password manager?
Zero-knowledge means only you can open your vault: everything is encrypted on your own device with your master password, which the provider never knows. Even if their servers are hacked, or a government comes asking, there is nothing readable to hand over.
In a zero-knowledge architecture, all encryption and decryption happens on your device. What travels to the provider's servers is already unreadable ciphertext; the key (derived from your master password) never leaves your device. The provider literally cannot look into your vault: not for support, not for advertising, not under legal pressure.
This is the standard among serious managers: 1Password, Bitwarden, NordPass, Proton Pass, Keeper, and Dashlane all work this way. The differences are in verifiability: open source managers like Bitwarden and Proton Pass let anyone inspect the code, and periodic external audits confirm the architecture holds. 1Password adds an extra Secret Key, so even a weak master password is not enough for an attacker.
The flip side is in your hands: because nobody can reset your master password, the safety net (recovery code, emergency contact, or family recovery) is something you set up in advance. Do it on day one.