Security

We employ best in class security that is constantly reviewed.

End-to-end Encryption

Passpack embodies the Zero Knowledge Security Model, providing the highest level of security and privacy – all customer information held on our servers is fully encrypted using military-grade 256 AES encryption. Only Passpack end users have access to their own data and credentials with their own user-defined encryption keys. Passpack never has access to confidential customer information stored in the Passpack environment.

Packing Keys

When setting up a Passpack account, each user will be asked to define their Username, Password and define a unique secure Packing Key utilizing the AES-256-GCM Encryption for an additional layer of security. The Packing Key adds a critical fundamental level of protection for the end users. The encryption code (Packing Key) must be entered to unlock their passwords and other confidential information in their Passpack account. This ensures that only the end-user can access and retrieve information from their Passpack account.

Secure Password Sharing

When passwords are shared between Passpack users and teams, they are done so in a fully encrypted format utilizing the 256-AES encryption standard. The decryption of information only takes place on the end user’s system (client-side).

Meta Data Storage

All end-user information is stored using 256-AES encryption; this includes important Meta Data associated with an individual Passpack account that could be used for malicious purposes. The Encrypted Meta Data stored in a Passpack account includes such items as Passwords Names, URLs, e-mails, IP addresses, Password Strength ------

Additional Security Considerations

Passpack infrastructure meets the highest standards of security, integrity, and stability, and we have the right control mechanisms to ensure it. In the highly improbable event of server security being breached, the data is encrypted and would be unusable without the associated end-user packing key that is knowledge-based, i.e., in the event your device is compromised, you remain secure. Passpack and Passpack employees do not have access to end-user account information or packing keys. In addition, Passpack supports industry-standard Multi-Factor Authentication with Google and Microsoft Authenticator and YubiKey for greater security.

Get Started with Passpack Today