At Integralis we take security and information protection very seriously. To adhere to legislation as well as the security policies of our customers, the MyPass Password Manager is built with information protection and security as standard. Some of the key highlights include:
- The MyPass Password Manager Gateway and MyPass Password Manager platform require SSL to connect to onsite credential repositories to guarantee secure communications. This requires SSL certificates with a minimum 2048-bit or 4096-bit RSA encryption key.
- All internal system and database encryption is based on AES256, the highest available standard in the Microsoft .Net framework.
- Sensitive data relating to end-user enrollment questions, personal data, and solution configuration data is stored in the database using AES256 encryption.
- All sensitive data such as users’ answers and questions are AES256 encrypted by default. For security compliance at the highest level, user information can be hashed (in addition to encryption) to completely protect user data.
- The MyPass Track Engine ensures that data between the client’s browser, the MyPass platform servers and the company credential repository, cannot be intercepted or re-posted.
- End-user passwords can optionally be stored encrypted (AES 256) in the MyPass Password Manager database. This further tightens security for password history (for example, manages the minimum number of differences allowable to any previously-used password).