Back to overview

Password Manager – more secure with Host-Proof Hosting

Thousands of teams and individuals trust us to securely store countless passwords. We are thrilled and take your security very seriously, maintaining high levels of security for our servers and databases. Today we introduce a better and more secure way to store them.

We are launching Host-Proof Hosting support in our free online Password Manager application. What that means is that we do not store your actual passwords on our server! We simply have an encrypted version that cannot be decrypted without your master password which only you know. It is not stored absolutely anywhere. This means no one, and we mean nobody except you can ever access your passwords.

This feature is optional, we encourage you to start using it. We made it very simple to switch all your passwords in one step. You will see this new option:

existing passwords

It will prompt for the Master Password and will encrypt all your passwords in a browser and will send it to Freedcamp for storage. Sharing passwords works as before and you only need to share the master password with your team. With great security comes great responsibility – keep your master password recorded in safe place and share it with your team in a secure way!

If you want to try it out first – edit one of your existing passwords or add a new one and select ‘Use Master Password’ checkbox as shown below (1).

Adding host-proof hosting password Freedcamp's Password Manager

Freedcamp will prompt you to create the master password (2). XKCD nailed down that secure password does not need to be like ‘jn[%RSYm@+R?35z’ but can be simple and easy to remember while staying very hard to brute force. We use this approach and suggest this technique not only to create a secure master password in Freedcamp but anywhere where service or vendor do allow spaces and does not restrict password length too much.

password_strength

We added a new column with hints so it is easy to see which passwords are secured with the master password and not.

Freedcamp Password Manager - standard and host-proof security hints

Finally once you started using the master password our context menu will have two additional options.

1 – you can change your master password by providing old one (remember – lost master password makes your passwords essentially lost)
2 – you can convert all your passwords secured with Host-Proof Security back to standard encryption (no pressure – choice, as always, is yours).

context_menu_password_manager_freeedcamp

If you are interested in technical details – please check this page and diagram below.

host-proof hosting

We also updated our documentation for Password Manager application. If you have any questions – please email us and ask us about details.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

*

  1. Release notes – 4 July 2015 « Freedcamp Blog says

    […] We’ve increased the security level of our Freedcamp’s Passwords application, when master password is used (AES-256 instead of AES-128, though AES-128 was also quite secure). To benefit from this more […]