Your password data is protected using advanced encryption that adheres to industry best practices for cryptography. When you use the Shift Password Manager, an encrypted file (known as your vault) is created on your computer. If the Backup and Sync setting is turned on, an encrypted copy of this file is also stored on Shift’s servers. Your vault is always encrypted first and can only be decrypted by you.
The Backup and Sync setting is turned on by default and we recommend that you leave it on or turn it on so that your passwords are not lost if you reset your application data in Shift.
Along with your vault, a 20-character code (known as your vault password) is also generated and is used to access your vault. You are the only person that has access to your vault password. Your vault password is only saved in your computer’s credential storage system and is never sent to Shift’s servers. Your vault cannot be decrypted or viewed without your vault password.
If your vault password is lost, your vault cannot be recovered.
You will be prompted to set up your emergency kit, which contains your 20-character vault password. It is important to save and/or print your emergency kit to ensure you can unlock your vault.
For Windows Users, your vault password is stored in the Credential Vault.
For Mac users, your vault password is stored in the Keychain.
For Linux Users, your vault password is stored using the Secret Service API (libsecret).
How is my Password Data Encrypted?
All cryptographic code used by Shift comes from reputable third-party libraries that are written and maintained by cryptography experts. Each of your passwords is encrypted as soon as they are entered or imported into Shift. Password data is encrypted using AES (Advanced Encryption Standard) and Argon2. Shift uses 256-bit AES-CBC encryption with a 256-bit key. This key is generated from a randomly generated vault password combined with a random password salt. The password salt is a unique value that is added to your password prior to key-stretching via Argon2. Both the salt and your vault password are required to access your vault.
When password Backup and Sync is enabled in Shift, a copy of your vault is sent to Shift’s servers. The encrypted vault is AES encrypted a second time on Shift’s servers.
There are two layers of encryption on your vault on our servers. Remember, the vault can only be accessed with your locally stored vault password. The encryption method and process used in Shift ensures your password information is protected and secure.
Learn how to enable password sync here.
Reach out directly to the Customer Success team here for any other questions or concerns.