As you’d expect, Kitestrings uses the HTTPS protocol to encrypt data transmitted to and from our users. Our Postgres database is encrypted with AES 256 encryption. These are industry standard basics for any application that’s meant to be remotely secure. But that’s just for starters.
Military grade encryption
Data is transferred to Kitestrings’ Postgres servers with HTTPS protocol for encryption. It is then encoded with military grade AES 256 encryption and saved. When you access your password information, the data is decrypted and again transferred by HTTPS to your device.
Private master password
Kitestrings SPSTM uses a Private Master Password protocol to ensure the safety of your sensitive data. Once you have all of your passwords stored in Kitestrings, you’ll only ever need to remember your master password to retrieve them. No more guessing at passwords or using the same password over and over again.
Multi-factor authentication is a crucial step to providing security for your data across devices. To mitigate the risks of identity theft, Kitestrings has partnered with Authy to provide multi-factor authentication for logging into your Kitestrings account.
Our code is written in Ruby using the Rails framework, a standard and modern secure codebase for web application development. It’s been vetted by the University of Victoria’s Internet Security and Object Technology research team against known penetration methods, including:
- Man in the Middle (MitM) attacks
- SQL injection attacks
- Session Hijacking
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Privilege Escalation
Kitestrings is hosted on the Heroku platform, which is, in turn, operated within the Amazon Web Services infrastructure. Heroku is owned by (and runs) Salesforce.com, one of the biggest cloud services in the world. It is the most pro of professional grade hosting. You can read more here.
We’re building Kitestrings on an ongoing commitment to security and transparency. We’ve engaged with the University of Victoria’s Information Security research lab and have vetted all of our code through an NSERC research grant. As new security threats emerge, we quickly adapt by refactoring code, updating our server software and keeping our users abreast of the latest security information.