This security statement describes PasswordPal practices with respect to private information that may be obtained
through PasswordPal services and website. Questions about PasswordPal security may be submitted to PasswordPals
support team by contacting us. This security statement applies to PasswordPal only.
Secure Socket Layers (SSL) Certificate
Transmission of sensitive information between users computer and PasswordPal's website is protected using
Secure Socket Layer (SSL). 256-bit SSL ensures that all information typed
by a user is completely encrypted and cannot be seen by anyone.
Please make sure that your connection is
protected using SSL Certificate while working with your confidential information (register to our sevice,
add/view your passwords, notes or download files uploaded before).
Please look at browser's address bar:
URL in your browser's address bar should begin with https://www.passwordpal.net (or https://passwordpal.net) -
the 's' after 'http' indicates: this is a secure page.
You also must have a 'padlock' in the bottom right-hand corner or top right-hand corner of your browser
(exact position depends on the browser you use), or if using Firefox, part of the address bar should be blue. Click the padlock or blue area to verify that the security certificate
is issued to www.passwordpal.net (or passwordpal.net).
Confidential Data Encryption
PasswordPal uses Triple DES, powerful cryptographic algorithm to encode all confidential data.
Triple DES encryption would take hundreds and hundreds of years to crack encryped data even if you use the most
powerful machines involved into cryptography industry. Triple DES encryption system works only 1 way meaning that
all data can only be accessed by the owner of the encryption key. This key is based on your password.
We don't keep neither your password nor encryption key on our servers. If the author were to ever forget their
PasswordPal password all of their data would have to be reset and could never be recovered.
Even if a hacker did ever manage to find and hack the database, the information would be useless without each
members' encryption key. So a hacker would have to spend hundreds of years unlocking each individuals encryption key
and then all of their data.
Website Application Integrity
We monitor the integrity of our website application 24/7/365 to avoid any hackers' attempts to integrate malicious code, badware,
viruses or any kind of spyware code which can make security holes in our system. Once we get any alerts, we close any 'bad' connections immediately.
Login attempt monitoring
We monitor login attempts. Once you (or any potential thief) enters a password 3 times incorrectly, the account is deactivated
and corresponding message is sent to the account owner. After an account is deactivated nobody can use it before it becomes active again.
Only account owners can activate their accounts.
Daily secure backups
We backup all information daily to ensure that data is never lost.