The secure alternative to Dropbox & Co.
Your files and passwords are safe with SecureSafe. We guarantee high-level security through internationally recognized encryption methods, triple redundant data storage and strong user authentication. On this page, we provide an overview of various technical security mechanisms and demonstrate how the SecureSafe service differs from other cloud providers.
|Cryptographic authentication system||N/A|
|Two-factor authentication (in addition to password)|
|Secure mobile access||N/A|
|Secure password reset|
|Zero knowledge (privacy protection)|
|Personal key for each individual user|
|Individual file encryption|
|SSL/TLS data transfer|
|Additional data transfer encryption|
|Server location||Switzerland||USA||USA||EU / USA||N/A|
|Multiple data storage|
|Secure file sharing with download link and security code|
|Different user roles and rights|
|Secure PDF and image viewer||N/A|
|Secure file synchronization|
Login procedure and authentication
SecureSafe protects files and passwords through the “Secure Remote Password Protocol”. This highly efficient security protocol, which was developed by Stanford University (RFC 2945) protects SecureSafe against various forms of cyber attacks.
Additional protection through SMS codes
In order to guarantee additional data protection, we use a two-step login procedure (mobile TAN), also commonly used in online banking solutions. When this feature is activated, users will receive an additional login code via SMS each time they want to log in to their account. In this way, SecureSafe accounts will remain protected even if a third party gains access to user login credentials.
DoubleSec: secure login on-the-go
Our apps for iOS and Android, as well as SecureSafe Client for PCs and Macs, all feature a two-step login procedure. In order to simplify the use of this additional account protection feature, we have developed "DoubleSec", which automates the second step of the login procedure.
Password generator with automatic security check
The built-in password generator suggests strong passwords and informs users whether or not a newly created password is secure. Together with our long-term partner, Zurich University of Applied Sciences (ZHAW), we have developed a method for creating strong passwords, which are nonetheless easy to remember.
SecureSafe encrypts all client data using highly secure and internationally renowned encryption methods. The key, which is needed for decryption, is calculated directly from the user vault using PBKDF#2 (RFC 2898). User vaults are therefore well-protected against ill-intentioned hackers.
We use AES-256 and RSA-2048 encryption standards. These encryption methods have been designed to offer long-term protection.
Double protection during file transfer
SecureSafe encrypts data twice during uploading or downloading from a device to a user's online account. In addition to transfer encryption (HTTPS), data is also encrypted using an AES-256 encryption, thus ensuring complete protection of sensitive data. This means that data will remain protected even in the event the HTTPS protection is attacked. The additional encryption is particularly efficient in protecting against man-in-the-middle-attacks (MitM), for example in internet cafés and airports.
SecureSafe uses EV SSL certificates. These are granted only to eligible companies following a strict validation procedure. EV certificates can be recognized by the activation of a green address bar in all major browsers.
Transparent crypto architecture
All data stored in SecureSafe accounts is encrypted by way of a multi-layered cryptographic architecture. Our security architecture has been made openly available with multiple testing by third parties.
SecureSafe relies on two certified data centers, which fulfill the requirements of the Swiss Financial Market Supervisory Authority FINMA. One of the data centers is located in a former military bunker deep in the Swiss mountains.
Multiple data storage
All files are protected by a disaster recovery plan, set up in such a way that all files are stored three times in two geographically distinct data centers.
Self-managed server infrastructure
Internal SecureSafe system engineers run a completely self-managed server infrastructure in both data centers. The infrastructure was built in accordance with the NIST BSI security guidelines. It is monitored 24/7 and protected by automatic alarms.
External security checks
SecureSafe regularly undergoes vulnerability checks by leading security experts to ensure system integrity.
Data privacy protection is our number one priority, with a number of security mechanisms directly incorporated into the architecture of the SecureSafe application. In this way, users can rest assured that personal data will be protected at all times.
No access to user data, not even by SecureSafe
To ensure maximum data protection, SecureSafe never stores and therefore can never access user passwords. Due to this zero knowledge policy, we are also unable to reset passwords if they are forgotten. It is therefore of paramount importance to print out your recovery code, which can then be used to reset a lost or forgotten password. This code must be kept in a safe place.