Market Ruler HelpMobile Password Safe Security
Country of origin
The Tonic company made a deal with the country of Tonga and has a business selling the country's domain names (.to) for a profit ($50/year compared with $8-$15 per year).
However, you can still get short domains, which was what we wanted for cell phone applications, no?
(You want to type mobilepasswordsafe.com on your cell phone?)
Market Acumen, Inc. is based in U.S.A. in Media, Pennsylvania, USA.
Our hosting provider is Amazon Web Services in their data center in Oregon, USA.
So, your data is stored in the USA.
Security Practices
The connection is encrypted with SSL, however because nothing is ever sent to our servers in plain text, the application is sufficiently secure for most personal or business purposes now.
The first time you enter your password, we send a cryptographic fingerprint (SHA256 Hash) of your password to our servers and store it so we can verify it is correct when you visit the page again.
We generate your encryption key by running your password through 9 rounds of SHA 256 to generate a sufficiently random password key.
We use the Advanced Encryption Standard in CBC mode for encryption.
The next time you log in, nothing is sent to our servers; we just check the SHA 256 password against what we already know.
When you load the first page, all of the encrypted data is on the page already. Your password, once verified, then decrypts the information on the page.
When you add an entry, we encrypt it, then send it to our server for storage.
When you delete an entry, we simply delete it on our end.
When we encrypt your password entry, we pad the beginning and end of the encrypted password entry with garbage, ranging from 50 to 100 random characters.