ZenyPass makes it easy to follow the key principles to protect your online data:
ZenyPass is a digital vault that memorizes your passwords for you, and allows you to connect to your online accounts in a few clicks.
You no longer have to remember or type passwords. It is therefore easy to use non memorizable, long and random passwords, for each of your online accounts. To connect to any website, you will only need your ZenyPass password.
In addition, ZenyPass is available and secure on all the devices of your choice: computer, tablet, smartphone. You can therefore comfortably access your passwords in all circumstances.
Rules of thumb to protect access to any data:
The content of each ZenyPass vault:
ZenyPass protects the content of each vault by encrypting it directly on the user's device, before even storing it, or transferring it to our servers. An audit of the encryption algorithm was carried out by an independent company (Cure53), confirming the robustness of its implementation.
The keys used for encryption are particularly complex, and are never transmitted to our servers: only the user's devices can access them, and each authorized device has its own key.
They are themselves encrypted, and can only be deciphered with the user's ZenyPass password.
End to End encryption
Open source cryptography (OpenPGP.js)
Good to know
Since your data can only be deciphered on the devices you specifically authorize, you can define a relatively simple ZenyPass password to unlock your vault. Even if your ZenyPass password were to fall in the hands of a malicious attacker, the content of your vault would still not be decipherable without access to your device.
The content of your vault is completely private and confidential.
You do not give us your data: we have no way to access it!!
Accessing a vault requires:
The keys that are necessary to decipher the content of a vault are generated and maintained by the user's authorized devices, and are exclusively stored locally on these devices. Since we don't have access to these devices, we cannot access these keys, and therefore, we cannot decipher or access the content of any vault.
The data you save in ZenyPass is therefore never shared.
We can't know what's in your vault, we can't sell it, we can't share it with anyone.
Built-in two-factor authentication
Not only do we not have access to your passwords, but as ZenyPass encrypts all the data you store, we do not have access to the names or URLs of the accounts you add, your identifiers, your comments, etc....
The content of a vault is exclusively stored in encrypted format on the user's authorized devices and on our servers.
The keys to decipher this content are exclusively stored on the user's authorized devices, never on our servers.
ZenyPass is not a website like any other: it is a web application. Unlike traditional applications, a web application runs in your web browser. But like other applications, ZenyPass runs locally on your device, not on our servers.
Therefore, ZenyPass encrypts your data locally on your devices, so that only encrypted data can be stored or sent to our servers.
On your devices
On our servers
Your data can only be deciphered with your ZenyPass password, and only on devices that you have authorized.
A theft of data stored on ZenyPass servers would not expose your passwords, credentials, nor any other data stored in your vault.
Our servers only contain useless data:
The best way to prevent a theft of the data you store in ZenyPass, is to never have access to it.
This is one of the reasons why we do not have the ability to decipher your data.
Your encrypted data is copied to our servers so that it can be synchronized between your authorized devices. This encrypted data has no value and is useless without the keys to decipher them. However, these keys, themselves encrypted, are only stored on your devices.
The encrypted data on our servers can therefore only be deciphered on your authorized devices: a data theft on our servers has no consequence for the cleartext data you manage in ZenyPass (passwords, credentials, websites).
Good to know
Even though the data on our servers is unusable without one of your devices and your ZenyPass password, our servers are obviously additionally protected against intrusion.
A penetration test conducted by the company Thalès confirmed the robustness of this protection.