The service was designed from the ground up with security and privacy in mind.
We deploy best-in-class security to prevent unauthorized use or access.
Bring your own encryption keys
Only you can decrypt your data
2-Factor Auth (ToTP)
Keep your account secure with 2FA and 2FA failure alerts
Rate limiting
Login rate limiting and alerts preventing brute force
Modern memory hard password hashing
Slowing down brute force attempts
Anti email harvesting
Bots can't probe for valid emails
Access monitoring
Active sessions and new location alerts
Sticky login sessions
Hijacked login session can't be used on a different IP
API tokens
Flexible access control
File names, file data and meta data are always encrypted using 256 bit symmetric encryption on your device
All backup data encrypted with 256 bit keys
AEAD ciphers are used to provide authenticated encryption
Quantum safe algorithms
We don't make use of asymmetric algorithms to protect your data which may be breakable with quantum computers in future
Client side encryption keys
Encryption keys are generated locally and protected with your passphrase, we never see them
Entropy pool for strong key generation
The client mixes entropy from multiple sources and allows mixing of user provided entropy data
Anti fingerprinting
Files are split into nondeterministically sized blocks to prevent file size fingerprinting
8bitsafe is secure even when backing up across an insecure network due to full client side encryption and request signatures. We force encrypted transmission for added security and privacy.
Data Transferred via HTTPS
Client and storage servers only allow TLS1.2+ with strong ciphers
Encrypted remote storage
We encrypt your data again when stored on our storage servers
Durable storage
99.999999999% (11 nines) durability
Secure storage
Access to remote storage requires fine grained authentication