Security

Keeping our customers' data safe is part of our DNA

Philosophy

Protection of customer data is a top priority.

The service was designed from the ground up with security and privacy in mind.

Account Access

We deploy best-in-class security to prevent unauthorized use or access.

Bring your own encryption keys

Only you can decrypt your data

2-Factor Auth (TOTP)

Keep your account secure with 2FA and 2FA failure alerts

Rate limiting

Login rate limiting and alerts to prevent brute-force attacks

Modern memory-hard password hashing

Slowing down brute-force attempts

Anti email harvesting

Bots can't probe for valid emails

Access monitoring

Active sessions and new location alerts

Sticky login sessions

A hijacked login session can't be used from a different IP

API tokens

Flexible access control

Data encryption

File names, file data and metadata are always encrypted on your device using 256-bit symmetric encryption

All backup data is encrypted with 256-bit keys

AEAD ciphers are used to provide authenticated encryption

Quantum-safe algorithms

We don't protect your data with asymmetric algorithms, which may be breakable by quantum computers in the future

Client-side encryption keys

Encryption keys are generated locally and protected with your passphrase; we never see them

Entropy pool for strong key generation

The client mixes entropy from multiple sources and allows mixing in user-provided entropy data

Anti fingerprinting

Files are split into nondeterministically sized blocks to prevent file-size fingerprinting

Data Transmission & Remote Storage

8bitsafe is secure even when backing up across an insecure network, thanks to full client-side encryption and request signatures. We force encrypted transmission for added security and privacy.

Data transferred via HTTPS

Client and storage servers only allow TLS 1.2+ with strong ciphers

Encrypted remote storage

We encrypt your data again when stored on our storage servers

Durable storage

99.999999999% (11 nines) durability

Secure storage

Access to remote storage requires fine-grained authentication