Our Commitment to Your Security
How MyPasswords Creates a Digital Fortress for Your Data
Last updated: August 1, 2025
At MyPasswords, security is not an afterthought; it is the core of our architecture. Because our app is 100% offline, your data is isolated from online threats by default. We then add multiple layers of advanced protection to ensure your information remains secure, private, and accessible only to you.
The Foundation: AES-256 Encryption
Every piece of information you store in MyPasswords is encrypted at rest using the Advanced Encryption Standard (AES) with a 256-bit key. Here’s what that means for your safety:
- Military-Grade Standard: AES-256 is the same encryption standard trusted by governments, banks, and security agencies worldwide to protect classified information.
- Mathematically Unbreakable: A 256-bit key has $2^{256}$ possible combinations. That's a number with 78 digits. It would take the most powerful supercomputers billions of years to guess the correct key, making your encrypted data practically impossible to crack through brute force.
- Your PIN is the Key: Your encrypted data can only be unlocked with your unique numerical PIN. We never store your PIN directly; it is used to derive the encryption key, which is held only in your device's memory while the app is unlocked.
A Multi-Layered Defense System
Beyond encryption, we've implemented several practical security features to protect your vault from real-world scenarios:
Automatic App Lock
If you switch to another app, lock your screen, or the app is otherwise sent to the background, MyPasswords automatically locks itself. Upon returning, you must re-enter your PIN to regain access. This prevents unauthorized access if someone gets hold of your already-unlocked phone.
Dual-Layer Password Protection
We enforce two checkpoints for your security. You need your PIN once to open the app and unlock the main vault. Then, to provide an extra layer of protection against shoulder-surfing, you must authenticate with your PIN a second time to view the details of any specific password.
Brute-Force Attack Mitigation
To prevent attackers from rapidly guessing your PIN, we have implemented an attempt-throttling mechanism. After 5 consecutive failed PIN entries, the app will enforce a mandatory cooldown period, significantly slowing down any brute-force attempt and rendering it impractical.
Security by Design: What We Exclude on Purpose
Often, the best security comes from what isn't there. Our minimalist, offline approach eliminates common attack vectors:
- No Cloud, No Problem: Since we don't use cloud sync, your data cannot be exposed in a third-party server breach.
- No Internet, No Interception: The app's inability to connect to the internet means your data can't be intercepted in transit.
- No Accounts, No Central Target: We don't have a central user database, which is a prime target for hackers. Your security is decentralized and entirely in your hands.
Your Role in Security
Your habits are a critical part of the security chain. We recommend you:
- Choose a strong, non-obvious PIN and remember it.
- Never share your PIN with anyone.