Your passwords and data are valuable.
Protect them!

ZenyPass works like a bank vault,
No one but you can access its content.

1How does ZenyPass help better protect your online data?

ZenyPass makes it easy to follow the key principles to protect your online data:

  • use long, random, robust, and different passwords for each online account
  • protect these passwords in a secure and confidential environment

ZenyPass is a digital vault that memorizes your passwords for you, and allows you to connect to your online accounts in a few clicks.

You no longer have to remember or type passwords. It is therefore easy to use non memorizable, long and random passwords, for each of your online accounts. To connect to any website, you will only need your ZenyPass password.

In addition, ZenyPass is available and secure on all the devices of your choice: computer, tablet, smartphone. You can therefore comfortably access your passwords in all circumstances.

Rules of thumb to protect access to any data:

Don't
  • use simple passwords, containing known or easily identifiable information (birthdays, first names of family members, ...)
  • use the same password on multiple websites
  • Use your own "complex methods", replace 's' with '$' or 'l' with '1'... Hackers have powerful means and algorithms, which take into account such techniques.
  • store your passwords in a note on your computer or phone, in your contacts, in an Excel or Word file, ....
Do
  • use a random and long enough password (12 characters minimum) so that it cannot be easily found by hackers, or any other malicious person
  • use different passwords for each site, to avoid, in the event that one of your passwords is stolen, any contamination phenomenon to all online accounts using this stolen password.
  • store passwords securely, to mitigate the risk of theft.

2How does ZenyPass protect the content of each vault?

The content of each ZenyPass vault:

  • is encrypted locally by the user's device
  • with a standard, robust algorithm that has been independently audited
  • and using particularly complex encryption keys.

ZenyPass protects the content of each vault by encrypting it directly on the user's device, before even storing it, or transferring it to our servers. An audit of the encryption algorithm was carried out by an independent company (Cure53), confirming the robustness of its implementation.

The keys used for encryption are particularly complex, and are never transmitted to our servers: only the user's devices can access them, and each authorized device has its own key.

They are themselves encrypted, and can only be deciphered with the user's ZenyPass password.

End to End encryption

  • all your data recorded into ZenyPass is encrypted directly on your devices, before it is stored, or transferred to our servers. Deciphering your data can only be done on your authorized devices, which exclusively maintain the appropriate keys.

Open source cryptography (OpenPGP.js)

  • the implementation of the standard OpenPGP algorithm used to encrypt your data was independently audited in August 2018, confirming its reliability.

Good to know
Since your data can only be deciphered on the devices you specifically authorize, you can define a relatively simple ZenyPass password to unlock your vault. Even if your ZenyPass password were to fall in the hands of a malicious attacker, the content of your vault would still not be decipherable without access to your device.

3How does ZenyPass protect access to each vault?

The content of your vault is completely private and confidential.

You do not give us your data: we have no way to access it!!

Accessing a vault requires:

  • the user's authorized devices
  • the user's ZenyPass password.

The keys that are necessary to decipher the content of a vault are generated and maintained by the user's authorized devices, and are exclusively stored locally on these devices. Since we don't have access to these devices, we cannot access these keys, and therefore, we cannot decipher or access the content of any vault.

The data you save in ZenyPass is therefore never shared.

We can't know what's in your vault, we can't sell it, we can't share it with anyone.

Built-in two-factor authentication

  • Accessing your data requires the ZenyPass password that you have defined yourself (something only you know), and a device that you have previously authorized (something only you own).

Zero-Knowledge technology

  • no one else but you can decipher your data. We cannot access any of the cleartext data you store in ZenyPass.

Not only do we not have access to your passwords, but as ZenyPass encrypts all the data you store, we do not have access to the names or URLs of the accounts you add, your identifiers, your comments, etc....

4How and where is the content of each vault stored?

The content of a vault is exclusively stored in encrypted format on the user's authorized devices and on our servers.

The keys to decipher this content are exclusively stored on the user's authorized devices, never on our servers.

ZenyPass is not a website like any other: it is a web application. Unlike traditional applications, a web application runs in your web browser. But like other applications, ZenyPass runs locally on your device, not on our servers.

Therefore, ZenyPass encrypts your data locally on your devices, so that only encrypted data can be stored or sent to our servers.

On your devices

  • Your encrypted data is stored along with a version (also encrypted) of the key that can decipher it. This key can only be deciphered with your ZenyPass password, which only you know.

On our servers

  • located in the European Community, your encrypted data is stored without the key that is needed to decipher it.

Your data can only be deciphered with your ZenyPass password, and only on devices that you have authorized.

Data displayed

ZenyPass password manager encrypted data

Data stored

5What would be the impact of a theft of data stored on ZenyPass servers?

A theft of data stored on ZenyPass servers would not expose your passwords, credentials, nor any other data stored in your vault.

Our servers only contain useless data:

  • a copy of users' data, in encrypted format
  • but without the keys needed to decipher this data.

The best way to prevent a theft of the data you store in ZenyPass, is to never have access to it.

This is one of the reasons why we do not have the ability to decipher your data.

Your encrypted data is copied to our servers so that it can be synchronized between your authorized devices. This encrypted data has no value and is useless without the keys to decipher them. However, these keys, themselves encrypted, are only stored on your devices.

The encrypted data on our servers can therefore only be deciphered on your authorized devices: a data theft on our servers has no consequence for the cleartext data you manage in ZenyPass (passwords, credentials, websites).

Good to know
Even though the data on our servers is unusable without one of your devices and your ZenyPass password, our servers are obviously additionally protected against intrusion.

A penetration test conducted by the company Thalès confirmed the robustness of this protection.