This security statement describes PasswordPal practices with respect to private information that may be obtained through PasswordPal services and website. Questions about PasswordPal security may be submitted to PasswordPals support team by contacting us. This security statement applies to PasswordPal only.
Transmission of sensitive information between user's computer and PasswordPal's website is protected using Secure Socket Layer (SSL) Certificate issued by Comodo. 256-bit SSL ensures that all information typed by a user is completely encrypted and cannot be seen by anyone. Please make sure that your connection is protected using SSL Certificate while working with your confidential information (register to our sevice, add/view your passwords, notes or download files uploaded before). Please look at browser's address bar: URL in your browser's address bar should begin with https://www.passwordpal.net (or https://passwordpal.net) - the 's' after 'http' indicates: this is a secure page. You also must have a 'padlock' in the bottom right-hand corner or top right-hand corner of your browser (exact position depends on the browser you use), or if using Firefox, part of the address bar should be blue. Click the padlock or blue area to verify that the security certificate is issued to www.passwordpal.net (or passwordpal.net).
PasswordPal uses Triple DES, powerful cryptographic algorithm to encode all confidential data. Triple DES encryption would take hundreds and hundreds of years to crack encryped data even if you use the most powerful machines involved into cryptography industry. Triple DES encryption system works only 1 way meaning that all data can only be accessed by the owner of the encryption key. This key is based on your password. We don't keep neither your password nor encryption key on our servers. If the author were to ever forget their PasswordPal password all of their data would have to be reset and could never be recovered. Even if a hacker did ever manage to find and hack the database, the information would be useless without each members' encryption key. So a hacker would have to spend hundreds of years unlocking each individuals encryption key and then all of their data.
We monitor the integrity of our website application 24/7/365 to avoid any hackers' attempts to integrate malicious code, badware, viruses or any kind of spyware code which can make security holes in our system. Once we get any alerts, we close any 'bad' connections immediately.
We monitor login attempts. Once you (or any potential thief) enters a password 3 times incorrectly, the account is deactivated and corresponding message is sent to the account owner. After an account is deactivated nobody can use it before it becomes active again. Only account owners can activate their accounts.
We backup all information daily to ensure that data is never lost.