Each user account within BeanLogin is associated with a unique account key that is used to encrypt the data.
Customer Master Key
Each user’s account key is encrypted using a customer-specific master key, which is stored separately from the database.
Customer-specific master keys are rotated once every 3 months and the old keys are archived for a period of 6 months.
User Data Transport
Encrypted user data will be synced across the user’s trusted devices through a secure channel (TLS).
Public Key Cryptography
On trusted devices, data encryption/decryption will happen locally using the user’s private key, which is never known to BeanLogin.
Each shared item is encrypted using a unique Shared Key, which is encrypted using the respective shared user’s public key. The shared key can be decrypted on the device locally using the user’s own private key.
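The sharing scheme described above, sketched with Node.js's built-in crypto module as an added example; it is not BeanLogin's code. The page does not name its algorithms, so AES-256-GCM, RSA-OAEP with SHA-256, and the names `newDeviceKeyPair`, `shareItem` and `openItem` are assumptions made for illustration.

```javascript
// Added illustration, not BeanLogin's implementation. Cipher choices are assumptions.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed key pair standing in for one generated on a trusted device;
// the private half stays on that device.
function newDeviceKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side: encrypt the item once under a fresh per-item shared key, then
// wrap that shared key separately under each recipient's public key.
function shareItem(plaintext, recipients) {
  const sharedKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // unique per item because the key is unique per item
  const cipher = crypto.createCipheriv('aes-256-gcm', sharedKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKeys = {};
  for (const [userId, publicKey] of Object.entries(recipients)) {
    wrappedKeys[userId] = crypto.publicEncrypt({ key: publicKey, ...OAEP }, sharedKey);
  }
  // Everything returned here is safe to store or sync server-side.
  return { iv, ciphertext, tag, wrappedKeys };
}

// Recipient side: unwrap the shared key locally with the user's own private key,
// then decrypt. GCM tag verification makes final() throw on any tampering.
function openItem(envelope, userId, privateKey) {
  const wrapped = envelope.wrappedKeys[userId];
  if (!wrapped) throw new Error(`item is not shared with ${userId}`);
  const sharedKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sharedKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}
```

Revoking one recipient means deleting their wrapped key and, for data they may already have read, re-encrypting the item under a new shared key.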
Offers a variety of 2-factor options to protect your portal as well as web apps within your organization
Supports TouchID authentication and pattern recognition (Android devices)
New devices go through a risk assessment before getting registered
Sharing data with people you know using public key cryptography
Wipe out all of your passwords and notes from BeanLogin using our Kill Switch
Advanced encryption that encrypts data using keys derived from the user’s password