Encryption
SecureSafe encrypts all client data using highly secure and internationally renowned encryption methods. The key, which is needed for decryption, is calculated directly from the user vault using PBKDF#2 (RFC 2898). User vaults are therefore well-protected against ill-intentioned hackers.
We use AES-256 and RSA-4096 encryption standards. These encryption methods have been designed to offer long-term protection.
SecureSafe encrypts data twice during uploading or downloading from a device to a user's online account. In addition to transfer encryption (HTTPS), data is also encrypted using an AES-256 encryption, thus ensuring complete protection of sensitive data. This means that data will remain protected even in the event the HTTPS protection is attacked. The additional encryption is particularly efficient in protecting against man-in-the-middle-attacks (MitM), for example in internet cafés and airports.
Login procedure and authentication
SecureSafe protects files and passwords through the “Secure Remote Password Protocol”. This highly efficient security protocol, which was developed by Stanford University (RFC 2945) protects SecureSafe against various forms of cyber attacks.
In order to guarantee additional data protection, we use a two-step login procedure (mobile TAN), also commonly used in online banking solutions. When this feature is activated, users will receive an additional login code via SMS each time they want to log in to their account. In this way, SecureSafe accounts will remain protected even if a third party gains access to user login credentials.
Our apps for iOS and Android, as well as SecureSafe desktop app for PCs and Macs, all feature a two-step login procedure. In order to simplify the use of this additional account protection feature, we have developed "DoubleSec", which automates the second step of the login procedure.
.svg)
The built-in password generator suggests strong passwords and informs users whether or not a newly created password is secure. Together with our long-term partner, Zurich University of Applied Sciences (ZHAW), we have developed a method for creating strong passwords, which are nonetheless easy to remember.
Data storage
SecureSafe relies on two certified data centers, which fulfill the requirements of the Swiss Financial Market Supervisory Authority FINMA. One of the data centers is located in a former military bunker deep in the Swiss mountains.
All files are protected by a disaster recovery plan, set up in such a way that all files are stored three times in two geographically distinct data centers.
Internal SecureSafe system engineers run a completely self-managed server infrastructure in both data centers. The infrastructure was built in accordance with the NIST BSI security guidelines. It is monitored 24/7 and protected by automatic alarms.
SecureSafe regularly undergoes vulnerability checks by leading security experts to ensure system integrity.
