Have you already tried our new SecureSafe for Teams service? If so, you may have asked yourself: how does the invitation process work?
Highly-secure and internationally renowned encryption
methods (AES-256 using PBKDF#2, RSA-2048) for the encryption
of all customer data.
Strong User Authentication:
Encryption on the user computer/iPhone/iPad:
Secure Document Viewing:
Highest protection of user credentials, meta-data and passwordsafe entries:
All user files are encrypted with SSL:
Servers Security:
Datacenter Security:
All customer data is stored in highly-secure Swiss datacenters.
The SecureSafe application is operated only in Swiss datacenters. SecureSafe relies on several redundant datacenters, which all fulfill the requirements of the Swiss banking commission. The data and passwords you place in your SecureSafe are stored securely in a former Swiss military bunker in the Swissmountains.
All user data are encrypted strongly. Each document receives its own encryption.
In contrast to many other companies, SecureSafe provides customer specific encryption for your data. This means that each document has its own key, and this security key is hung on a customer-specific key-ring.
SecureSafe encrypts all customer data using a selection of highly-secure and internationally renowned encryption methods. The key required to decrypt your data is created directly from your password using PBKDF#2 (RFC-2898). Your SecureSafe online safe is thus protected from malicious hackers. Even SecureSafe can never view your stored data and passwords.
AES-256 and RSA-2048 are used as encryption standards. These encryption methods are designed to provide a maximum level of protection for many years.
Data encryption also in RAM
For example, SecureSafe also encrypts passwords in the memory of yourcomputer while you are working. A password is temporarily decrypted and displayed only when you actually use and view it.
Data encryption on iPhone/iPod/iPad and Android smartphones with AES-256
SecureSafe does not rely on the protection provided by Apple or Google. SecureSafe uses AES-256 to encrypt all the data that is buffered on your mobile phone.
This is why SecureSafe users have been protected from all the attacks on iPhones or Android systems up until now.
Even if your phone is stolen or hacked, your data will be protected because although an attacker may have comp-lete access to all your phone data, access to your SecureSafe data still requires your password.
Double protection for your data when being transferred over the internet
SecureSafe uses EV SSL certificates. EV certificates are only given to companies that have been explicitly verified. You can recognize the EV certificate by the background color in the address field of your browser.
In addition to SSL protection, SecureSafe uses a session key to encrypt particularly sensitive data such as your user data and passwords saved in SecureSafe. This additional encryption provides extra protection against man-in-the-middle attacks, for example at internet cafés or airports.
In contrast to other methods, SecureSafe NEVER has to buffer your personal password or elements derived directly from it!
SecureSafe has implemented the Secure Remote Password Protocol.
This is a highly-secure method that was created at Stanford University (RFC 2945), and means that SecureSafe is particularly well protected from an entire range of current internet attacks but still remains easy to use.
SecureSafe cannot view either your stored data or your login information.
This means that your data and passwords stored in your online safe remain optimally protected. However, this also means that you should never forget your login information, or else your data will be lost.
To be on the safe side, use your personal "Login Recovery Code". You can create and print this directly from your account when you register or at a later date. Keep your personal "Login Recovery Code" in a safe and secure place.
Help in choosing strong passwords:
SecureSafe indicates whether the password you have chosen is truly strong or not. SecureSafe cooperated with Zurich University of Applied Sciences (ZHAW) to develop a method for SecureSafe to create easy-to-remember yet strong passwords.
Optional: Strong text-message (SMS) authentication with SecureSafe DoubleSec:
SecureSafe offers you SMS authentication (mobile TAN), which means you will receive an additional code by SMS text for every login. This protects your SecureSafe account even if your password is revealed to an attacker.
DoubleSec improves the usability of SMS authentication on personal mobile devices and protects against further attacks. The SecureSafe apps for iPhone/iPad/iPod/Android also offer you secure 2-factor authentication with password and an additional one-time code via an SMS text.
Strong SMS authentication is included in all paid SecureSafe subscriptions (starting at just CHF 1.50 per month).
Read more about DoubleSec
The world-leading external vulnerability assessment from McAfee protects against internet crime and hacker attacks.
Dr. Tobias Christen
CEO
Michael Tschannen
Head of Security
CTO Dr. Tobias Christen is the co-founder of the world's largest community of security architects, OpenSecurityArchitecture.org, and is actively involved in the Swiss OWASP. Before Dr. Tobias Christen co-founded DSwiss AG (provider of SecureSafe), he was responsible for designing the security architecture of a large international insurance company and was the Technology Manager of a large European IT security product company.
Head of Security Michael Tschannen is known for his contributions to smartphone security. Thanks to his earlier experiences with "pen testing", he understands how hackers attack systems and how critical systems mustbe protected.
The SecureSafe Security Team is involved in several research projects together with leading universities and internationally renowned experts.
Have you already tried our new SecureSafe for Teams service? If so, you may have asked yourself: how does the invitation process work?
There is no "Forgot Password" button anywhere on the SecureSafe service. This is a deliberate omission on our part. However, there is a simple way to recover your SecureSafe account...