Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #449 from duckduckgo/graeme/add-password-manager-page
Add password manager security page
Showing 1 changed file with 39 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
--- | ||
title: How secure is DuckDuckGo’s built-in password manager? | ||
nav_title: Password Manager Security | ||
description: Sync bookmarks, passwords, and Email Protection settings between DuckDuckGo browsers on phones, tablets, and computers, privately and securely. | ||
category: Sync & Backup | ||
order: 700 | ||
--- | ||
|
||
DuckDuckGo’s password manager has a range of robust security protections in place to keep your passwords safe and accessible only by you. | ||
|
||
- **On-device encryption & storage** | ||
- **Locks access behind secure on-device authentication** | ||
- **Lets you generate secure passwords on the fly** | ||
- **Phishing protection for autofill** | ||
- **Sync & Backup is easy to set up when you’re ready** | ||
|
||
## On-Device Encryption & Storage | ||
|
||
Unlike other browsers and password managers, you won’t have to set up another account to remember or autofill passwords in DuckDuckGo. That’s because we don’t store your passwords in the cloud by default — we encrypt them (via 256-bit AES) before stashing them securely on your device. | ||
|
||
## Biometric or Passcode Unlock | ||
|
||
We designed our password manager to leverage the security built-in to your Apple, Windows, and Android devices. Your saved passwords can only be accessed or used after authenticating with built-in biometric security, for example Face ID or Touch ID, or your passcode. | ||
|
||
## Secure Password Generation | ||
|
||
Using the same password for different sites makes that password less secure, and remembering unique passwords for all your sites can be a pain. The DuckDuckGo password manager gives you one-touch access to a strong random password whenever you sign up to a new site, which you can easily access whenever you sign back in. | ||
|
||
## Phishing Protection | ||
|
||
Once you’ve saved a login for a website, we won’t show you an autofill prompt unless that domain’s signature matches one of your saved passwords. If you’ve saved a password, autofill prompts won’t appear for sign-in forms on sites pretending to be the real website, and we’ll never pre-fill your saved passwords without prompting you first — if something about the site seems dodgy you can choose not to proceed. | ||
|
||
## End-To-End Encrypted Sync & Backup | ||
|
||
If you set up private Sync & Backup in DuckDuckGo, we store your data on our servers in a way that prevents us and others from reading it but lets you access up-to-date logins in DuckDuckGo browsers on your other devices. | ||
|
||
End-to-end encryption means your data is encrypted before it’s uploaded to DuckDuckGo’s servers and is only decrypted after it’s downloaded onto your device. In other words, it’s encrypted from one end (the first device) to the other end (a second device) and is only readable from your devices that contain the encryption key. | ||
|
||
That means DuckDuckGo does not have access to the encryption key and cannot read the data stored on our servers. |
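
Review bot: The `description` in the front matter describes Sync & Backup ("Sync bookmarks, passwords, and Email Protection settings between DuckDuckGo browsers ...") rather than password manager security, so search snippets and link previews for this page will describe the wrong feature; suggest replacing it with a one-line summary of the protections listed in the body. In the Phishing Protection section, "that domain's signature matches one of your saved passwords" does not say what is compared (full hostname, registrable domain, scheme), and a domain cannot match a password; wording along the lines of "the site's domain matches the domain the login was saved for" would be clearer and easier to verify. The On-Device Encryption section names "256-bit AES" but not where the key is held or how it relates to the biometric or passcode unlock in the next section; one sentence connecting the two would close that gap. Minor: "built-in to" should read "built into", and the bullet labels at the top of the page do not match the section headings that follow.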