Merge pull request #449 from duckduckgo/graeme/add-password-manager-page
Add password manager security page
graeme authored Sep 3, 2024
2 parents 1698ad0 + fc29395 commit bdc9bc9
Showing 1 changed file with 39 additions and 0 deletions.
39 changes: 39 additions & 0 deletions _docs/sync-and-backup/password-manager-security.md
@@ -0,0 +1,39 @@
---
title: How secure is DuckDuckGo’s built-in password manager?
nav_title: Password Manager Security
description: Sync bookmarks, passwords, and Email Protection settings between DuckDuckGo browsers on phones, tablets, and computers, privately and securely.
category: Sync & Backup
order: 700
---

DuckDuckGo’s password manager has a range of robust security protections in place to keep your passwords safe and accessible only by you.

- **On-device encryption & storage**
- **Locks access behind secure on-device authentication**
- **Lets you generate secure passwords on the fly**
- **Phishing protection for autofill**
- **Sync & Backup is easy to set up when you’re ready**

## On-Device Encryption & Storage

Unlike other browsers and password managers, you won’t have to set up another account to remember or autofill passwords in DuckDuckGo. That’s because we don’t store your passwords in the cloud by default — we encrypt them (via 256-bit AES) before stashing them securely on your device.

## Biometric or Passcode Unlock

We designed our password manager to leverage the security built-in to your Apple, Windows, and Android devices. Your saved passwords can only be accessed or used after authenticating with built-in biometric security, for example Face ID or Touch ID, or your passcode.

## Secure Password Generation

Using the same password for different sites makes that password less secure, and remembering unique passwords for all your sites can be a pain. The DuckDuckGo password manager gives you one-touch access to a strong random password whenever you sign up to a new site, which you can easily access whenever you sign back in.

## Phishing Protection

Once you’ve saved a login for a website, we won’t show you an autofill prompt unless that domain’s signature matches one of your saved passwords. If you’ve saved a password, autofill prompts won’t appear for sign-in forms on sites pretending to be the real website, and we’ll never pre-fill your saved passwords without prompting you first — if something about the site seems dodgy you can choose not to proceed.

## End-To-End Encrypted Sync & Backup

If you set up private Sync & Backup in DuckDuckGo, we store your data on our servers in a way that prevents us and others from reading it but lets you access up-to-date logins in DuckDuckGo browsers on your other devices.

End-to-end encryption means your data is encrypted before it’s uploaded to DuckDuckGo’s servers and is only decrypted after it’s downloaded onto your device. In other words, it’s encrypted from one end (the first device) to the other end (a second device) and is only readable from your devices that contain the encryption key.

That means DuckDuckGo does not have access to the encryption key and cannot read the data stored on our servers.
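
Review bot: The front-matter `description` of the new file is the Sync & Backup summary ("Sync bookmarks, passwords, and Email Protection settings between DuckDuckGo browsers ...") and does not describe this page; replace it with a sentence that matches the title, covering on-device encryption and unlock of saved passwords. In the Phishing Protection section, "that domain's signature matches one of your saved passwords" never says what is compared, so state the matching rule (for example exact host versus registrable domain) so readers can tell how subdomains and lookalike domains are handled. The "256-bit AES" statement under On-Device Encryption & Storage would also be easier to verify if it named the cipher mode and where the key is held, and the bullet list near the top should use the same names as the section headings ("Locks access behind secure on-device authentication" versus "Biometric or Passcode Unlock").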
