passtash is a password manager with a difference. We do not store your passwords. You store them on your cloud
passtash is a different kind of password manager. Your passwords are not stored on our servers. Instead your passwords are stored on your chosen cloud service. This means unlike other services if our servers are compromised your passwords are still safe. We do not store your passwords on your device either. So if you lose your phone\tablet\laptop your passwords are still safe. In fact we do not hold any information about you, therefore, we cannot share your information with others.
When you start the app for the first time it asks to authenticate with your cloud service (e.g. google drive). After you authenticate, the app receives an authentication token. This token is used to read and write data (your encrypted passwords) to a special area on the cloud that is only accessible by the application. The app cannot read or write to any other areas.
Your passwords are not stored on your device (phone, tablet or pc). Every time you use passtash you have to enter your secure pin, we then retrieve your passwords from your cloud service. If your device is lost or stolen you can revoke access to the service at any time using your cloud service provider portal.
Well security is a bit of an abstract concept. You can make the argument that nothing is 100% secure. passtash relies on the use of cloud service providers. It is essential for the reputation of these companies that they provide safe and secure data access for their users. We cannot guarantee that there will never be a breach in security but we will do our utmost to protect your data by using strong encryption and transmitting your data securely. Part of having a secure system is having users that take security seriously. The onus is on you to make sure you use a strong password and where possible apply two factor authentication.
We generally would advise people not to send sensitive information over unsecured Wi-Fi networks. “Be careful about the information you access or send from a public wireless network. To be on the safe side, you may want to assume that other people can access any information you see or send over a public wireless network. Unless you can verify that a hot spot has effective security measures in place, it may be best to avoid sending or receiving sensitive information over that network.”
We encourage you to continue to pass along any new recommendations, requests or bug reports.