In addition to the symmetric encryption (AES 256-bit) applied by our Application to your messages and files and the 2 tunnels (SSL/TLS + AES 256-bit) through which all communications go between the Application and our servers, we have implemented some security measures that may seem excessive but are, in fact, essential to maintain the security of your information:

 

Password 

Together with your username, the password will grant you access to your account. Your password is not stored on our servers. We save only one HASH value of it.

What's the point? This is the more basic level of security used in all services where there is a need to validate user access.

 

PIN Code 

6-digit numeric code you created when you set the security options for your account.

What's the point? We use the PIN Code to validate sensitive operations in your account whenever access is made through the Account Site. This way we avoid that someone else than yourself can perform operations on your account even if they find a way to know your Username and Password.

 

Security Questions

Set of two questions, selected and answered by you when you set up your Password and PIN Code . 

What's the point? If you ever forget your password, you will be asked these questions during the password reset process. You must provide the exact same answers you initially provided, otherwise you will not be able to reset the password and can lose access to your account.

 

Application Code

This is a 12-character alphanumeric code, sent to your email when you activated your 3NCRYPT3D account. This is essential for the configuration of the first device where you install the Secure Application. 

What's the point? with this Code we prevent any other person from installing the Application to login to your account, even if they know your login details (Username and Password).

 

Double Authentication

Also known as "2-Factor Authentication", or 2FA, the Double Authentication Code is a numeric code that is sent to your email whenever you want to log in to your account through the account access site.  

What's the point? Even if someone gets to know your username and password that person will not be able to login to your account as they will not have access to your email account. 

 

Encryption Key Backup

Backup copy of the unique and unrepeatable encryption key associated with your account. This backup copy is itself encrypted using a password of your choice at the time you create it.

What's the point? if you ever lose all the devices where you have the application installed, you will need this copy (and remember the Password you used when you created it) in order to be able to reinstall the Application on a new device and access your account contents. Because this backup file is encrypted with the aforementioned password, even if someone has access to it they will not be able to use it, as they don’t know the password you used.

 

Authorization

Process by which you use your Primary Device to give additional devices permission to login to your account. 

What's the point? By using this security feature we ensure that only the legitimate owner of an account, with the application already configured, can authorize additional devices. Even if someone had access to your Username, Password and Encryption Key Backup, they would not be able to access your content as they would not be able to authorize the Application to login to your account.