About EverPass Security

Everpass protects your passwords and your privacy. Therefore we took the job of designing its security features very serious.

Permanent Information Protection

All your information is encrypted at the time you enter it. It is never stored in a readable fashion. If you access information (e.g. to display it or copy it into a login form) only that piece of information will be decrypted - and only for the time you actually need it. When you enter you file encryption password to open a Everpass password store, this password is encrypted immediately to protect it even for the short period it needs to be stored in your computer's RAM. Information read from a password store is encrypted in main memory using a temporary encryption key. Your password stores are never encrypted entirely nor is any unencrypted information ever written to disk or iCloud.

Military Grade Encryption

Everpass uses AES 256 Bit encryption which is currently considered as military grade secure. As of today's knowledge and with today's available technology there is no way to decrypt a AES-256 secured password store without knowing the password. An immediate consequence is: your password store becomes less secure if you choose a store password which is either to short or easy to guess. Everpasses implementation of AES encrypts every piece of information individually with a slightly modified version of the master key. If you encrypt the same text multiple times, the encrypted version of each would still look totally different. Even if an attacker should be able to analyze your password store, he or she could not even tell whether you are using the same username and password for multiple accounts or not. Even more: if an attacker had the chance to add information to your store (or would know certain pieces of information which are stored there) he or she would not be able to infer your store's password from this information. He or she would also not be able to use this knowledge to decrypt other pieces of information from the store.

Recovery Keys

Since your password store is unbreakable without the store's password, loosing this password definitely results in loosing all the information in that store. As a safety measure, Everpass can assign mutliple password to each store. While one is meant to be generally used as the store's password, another one may serve as a recovery key in case you loose the primary password. We recommend to chosse a realy long an complex sequence as a recovery password and to either store it in a safe location or to give it to someone you trust. Another possible use of multiple passwords is if you share a password store with someone (e.g. your co-workers). You may want multiple persons to able to access the information but you may not want them to share a common secret.

Secure Password Store

The Everpass password store is a proprietary file format with field level encryption. This allows very fine grained access to the information. In particular it allows Everpass to keep most of the information encrypted all the time.
  • What's on disk or in iCloud is always encrypted.
  • Passwords are always encrypted, even in memory and are decrypted only for the short period when you use them to log in.
  • What's not on the screen is usually encrypted (account titles and usernames may be decrypted during scrolling or searching the list)
  • Every stored piece of information is enrypted. This includes comments, attributes and even the icon images.

Secure Passwords

With Everpass you don't need to memorize the passwords to log in to your different account. Consequently you are free to use individual passwords for each of your account. Like this, even if someone gets hold of (e.g.) the password you use for your favourite online shop, he or her would not be able to use this password to log in to your social media account. Be aware that even if you keep your passwords secret, you have no control what happens to your passwords on your favourite websites. Using different passwords for each website reduces this risk. Even if your password is not known to an attacker it may be easy to guess. Modern computer systems are capable of simply tring hundreds of password per second. And if you password consits of anything that can be found in a dictionary it's just a matter of time until an abitous attacker will find it. Everpass has a built in passwort generator which can generate long, complex and completely randomized passwords. Each time you add a new account to everpass it is already set up with a unique and unguessable password. You can simply copy it when you create a new account anywhere.

Update Policy

We will keep everpass up to date with the latest security technology. If the general knowledge about AES's security should change we will provide updates to adress any recommendations.