You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
Home > v7 Legacy > Password Management > How Shift keeps your password data safe (v7 Legacy)
How Shift keeps your password data safe (v7 Legacy)
print icon

How the encryption process works

Your password data is protected using advanced encryption that adheres to industry best practices for cryptography. When you use the Shift Password Manager, an encrypted file (known as your Password Vault) is created on your computer. If the Backup and Sync setting is turned on, an encrypted copy of this file is also stored on Shift’s servers. Your Password Vault is always encrypted first locally.


A 20-character code (known as your Vault Password) is also generated automatically and is used to access your Password Vault. You are the only person that has access to your Vault Password. Your Vault Password is saved in your computer’s credential storage system and is never sent to Shift’s servers. Your Password Vault cannot be decrypted or viewed without your Vault Password.


You will be prompted to set up your Emergency Kit, which contains your Vault Password.


It is important to save and/or print your Emergency Kit in case you are prompted to enter it again or need to access your Password Data on another computer.


Encryption standards

All cryptographic code used by Shift comes from reputable third-party libraries that are written and maintained by cryptography experts. Each of your passwords is encrypted as soon as they are entered or imported into Shift. Password data is encrypted using AES (Advanced Encryption Standard) and Argon2. Shift uses 256-bit AES-CBC encryption with a 256-bit key. This key is generated from a randomly generated vault password combined with a random password salt. The password salt is a unique value that is added to your password prior to key-stretching via Argon2. Both the salt and your Vault Password are required to access your vault. 


When Backup and Sync is enabled in Shift, a copy of your Password Vault is sent to Shift’s servers. This encrypted password data is then AES-encrypted a second time on Shift’s servers, meaning there are two layers of encryption on your vault on our servers. Remember, your Password Vault can only be accessed with your locally stored Vault Password. The encryption method and process used in Shift ensures your password information is protected and secure.



What's next?

Learn more about the Backup & Sync setting here.


Learn more about your Emergency Kit here.


Need help?

Get in touch with our support team here.

scroll to top icon