Kitestrings security

As you’d expect, Kitestrings uses HTTPS to encrypt data transmitted to and from our users. Our Postgres database is encrypted with AES 256. These are industry-standard basics for any application that’s meant to be remotely secure. But that’s just for starters.

[Figure: Kitestrings security diagram]

Military grade encryption

Data is transferred to Kitestrings’ Postgres servers over HTTPS, which encrypts it in transit. It is then encrypted with military-grade AES 256 and saved. When you access your password information, the data is decrypted and again transferred over HTTPS to your device.

Private master password

Kitestrings SPS™ uses a Private Master Password protocol to ensure the safety of your sensitive data. Once you have all of your passwords stored in Kitestrings, you’ll only ever need to remember your master password to retrieve them. No more guessing at passwords or using the same password over and over again.

Multi-factor authentication

Multi-factor authentication is a crucial step in providing security for your data across devices. To mitigate the risks of identity theft, Kitestrings has partnered with Authy to provide multi-factor authentication for logging into your Kitestrings account.

Secure codebase

Our code is written in Ruby using the Rails framework, a standard, modern and secure codebase for web application development. Our code has been vetted by the University of Victoria’s Internet Security and Object Technology research team against known penetration methods, including:

  • Man in the Middle (MitM) attacks
  • SQL injection attacks
  • Session Hijacking
  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Privilege Escalation

Ongoing commitment

We’re building Kitestrings on an ongoing commitment to security and transparency. We’ve engaged with the University of Victoria’s Information Security research lab and have vetted all of our code through an NSERC research grant. As new security threats emerge, we quickly adapt by refactoring code, updating our server software and keeping our users abreast of the latest security information.