How Secure Is Your Password When It’s Stored in the Cloud?
We designed Cyclonis Password Manager to allow users to store their data on the Internet and access it from multiple devices. Does this mean that you'll be more vulnerable to having your accounts stolen? No, it doesn't.
We understand that you need your data on all your computers, and the only way you can do that is to have it synchronized over the Internet. We wouldn't let you do it, however, unless we're sure that all the precautions necessary to protect it have been taken. Here are the precautions in question.
It should be clear that we shouldn't leave your passwords hanging around in plain text. Nobody should do that. At the same time, you need to be able to use your data, which means that we had to implement a solution that lets you view the information once you provide your master password. In other words, we had to use encryption.
We picked AES-256 as the algorithm for encrypting your data for a couple of main reasons:
- It's strong. Established in 2001, the Advanced Encryption Standard (or AES) has become famous for being the first publicly accessible cipher used for protecting Top Secret information by the NSA.
- It's quick. The 256 in AES-256 denotes the length of the encryption key (256 bits). This particular length strikes the perfect balance between security and speed. You could try encrypting information with an even longer key, but that would require too much time and computer resources. At the same time, with a 256-bit key, the encryption is still strong enough.
Obviously, there's no point encrypting the data when it's already been stolen. Cyclonis Password Manager scrambles your login credentials and the rest of the information while it's still on your device. Not a single bit of data leaves your computer in plain form.
All the incoming and outgoing connections Cyclonis Password Manager makes are done through the HTTPS protocol. HTTPS is a branch of the HTTP protocol which encrypts the information while it's been transferred from your computer to the remote server. It ensures that the data can't be intercepted or tampered with in any way.
Trusted cloud storage providers
You probably have an account at a cloud storage provider. You do because its services give you a convenient way of having your files on all your devices. You trust them with your family photos, your important documents, and the projects you've worked on. Now, you can trust them with your encrypted vault.
The storage of your vault will be handled by the provider of your choice. You can pick one from the following list:
- Google Drive
- Apple iCloud
- Microsoft OneDrive
We made the conscious decision to let you, the user, decide where you want to store your vault for a few simple reasons. First of all, it gives you more control. If, for example, you prefer Apple's iCloud to Microsoft's OneDrive, you have the choice. And if you have a change of heart in the future, you can easily transfer your vault to one of the other providers. Furthermore, every single one of these companies has millions of customers and terabytes upon terabytes of data to protect. They've taken numerous steps to ensure that their security is as good as it can be.
As we mentioned already, Cyclonis Password Manager encrypts your vault, and it won't decrypt it unless you enter your master password. In the unlikely scenario of someone having access to your master password, we've put an additional mechanism in place to ensure that your data remains in your possession. Enabled by default, our Two-Factor Authentication system won't let you (or anyone else) access your usernames and passwords from an unauthorized device without an additional verification code. This code is emailed to the address associated with your Cyclonis Password Manager account as soon as a login attempt is detected from a new computer.
We understand that a lot of people don't feel comfortable storing their sensitive data in the cloud. Some of them don't understand that with the right mechanisms in place, they have nothing to worry about, and hopefully, with the previous few paragraphs, we've managed to give them an insight into how these mechanisms work. If you still think that the cloud storage option is not for you, you can always choose to have your Cyclonis Password Manager vault stored on your local hard drive. The choice is yours.