Webpass gives you an ability of maximum control over the creation, storage, provision of access and accounting.
Webpass Doesn't Have Access To Your Passwords
Our service is created in such a way that any sensitive data (passwords, notes) is transmitted to the servers and is stored in the local storage of the browser exclusively in encrypted form, and this way eliminates the possibility of interaction to data both from the Webpass server and from third parties. The key to the cipher is your master password, which is never kept open during working process. Be careful! Security of this method means that in case of loss of the main and reserved master password we will not be able to restore your data
Unauthorized Access Risk Notification
The security system monitors the confidentiality of passwords and timely reports about cases when changing of password of the account is necessary (for example, when employee lost access to the account, was retired, etc.)
AES-256 and RSA Data Encryption
Sensitive data are encrypted using AES-256 algorithm, which is adopted by governments of different countries as the encryption standard. The key for the algorithm is being extracted by converting the master password into a cryptographic 256-bit password.
Data transfer between users is carried out using the RSA algorithm; its mathematical functions generate two keys for the system: public and private. The public key allows you to encrypt the transmitted data so that only someone who knows the private key can decrypt this data. The private key is known only by the recipient, and this is a key feature of the asymmetric encryption method. Similarly, user's data are protected by Telegram app.
Two-Factor Authentication
You can provide an extra security for your Webpass account by two-factor authentication. An authorization key is being generated on the user’s smartphone by Google Authenticator app, and this key is valid during 30 seconds. Thus, even if you know the master password, the enter into the Webpass account without access to the smartphone will be impossible.
Setting Password Complexity
Users like to use similar and too simple passwords. You can determine the minimum available password complexity and prohibit the use of the same password more than once.
Password Security Analysis
Password complexity determines how long it takes for an attacker to hack it. It may take tens of thousands of years for cracker to guess a secure password. The system will tell you how secure the password is.
Management of Employees' Access to Passwords
You may select the desired level of an employee's access to any account.
Minimal level: viewing without password entry. An employee sees an account in the list of accounts, but he does not have an access to password without his approved request.
Standart level: the user can view the account and copy its password, but cannot change it.
Administrator level: the user can edit and delete the account, as well as open access to another users.
Full access: the user can delegate administrator level of access to other users.
Password Relevance Control
Security rules recommend you to change passwords periodically. You can specify how often passwords are to be updated. Further, the system monitors their relevance and notifies administrators about the necessarity of password replacement.
Change History Recording
Webpass stores detailed info about who and when looked through, edited, opened access to accounts.
Protection of Webpass Account Password From Guessing
If attackers try to hack a password for a Webpass account, the security system will monitor such attempts, will block the possibility of authorization and will instantly notify the account owner.