We write a lot about end-to-end encryption because it’s one of the foundational blocks that all of our products are built on. Encryption may sound complicated, but you don’t need to be a tech expert to understand how it can benefit you by protecting your personal information. Proton Pass helps you use end-to-end password encryption to keep your passwords secure and private: in this article, we’ll explain what end-to-end password encryption is and how it keeps you safe online.
What is end-to-end password encryption?
To understand password encryption, it’s important to understand that encrypting information requires a public and a private key. These keys aren’t physical items or digital items that you need to use. The private key is a randomly generated secret used by an encryption algorithm to decrypt your data. That’s why it’s important to keep the private key secret: the public key is derived from the private key, and allows anyone to encrypt data that will only be possible to decrypt by using the private key.
When you choose to encrypt a piece of information, you should use an already available and battle tested algorithm to ensure that your data stays safe and is properly encrypted. You don’t need to build an encryption algorithm yourself; you can instead use a service with encryption built into its infrastructure.
Encryption has its own standards. Cryptographic standards have changed over the years as technological encryption capabilities have advanced, and the standard that most encryption services use today is the Advanced Encryption Standard (AES)(nuova finestra). It was developed by the National Institute of Standards and Technology (NIST)(nuova finestra) in 2001 and has been used by the U.S. government since its inception.
How can I encrypt my passwords?
In the past, encryption and decryption had to be done manually and required technical expertise. Today, Proton Pass encrypts your passwords for you. There’s nothing you need to do, because end-to-end encryption is built into the product. Your public and private keys are stored on your device, and they’ll work in the background encrypting and decrypting your passwords for you.
End-to-end encryption is the most private way to store and share information. It’s called end-to-end because your data is encrypted from the time you save it until the next time you access or share it: the encryption is always in place. All of the encryption that Proton uses is end-to-end.
As a side note, sometimes password safety practices known as hashing and salting come up in conversations about encryption. They’re similar to encryption because they’re both ways of scrambling information so that it’s unreadable, but they’re actually different. Hashing is irreversible, where encryption is reversible. Salting is a secondary process used to add unpredictability to hashed passwords. We don’t use hashing or salting to encrypt your password in Proton Pass, but we do use them to encrypt your account keys.
How does end-to-end password encryption work?
When you encrypt something, such as a password, you turn it from a recognizable word (plaintext) into a random string of numbers and letters known as ciphertext. Converting something into ciphertext isn’t the same as using a secret code to encrypt information. The string of characters is purely random, and can only be decrypted by using the correct key.
That plaintext can’t be accessed by your internet provider, or a government agency, because they don’t have access to the keys they need to decrypt the information. Only you can access it, and if you share it with a chosen recipient then they’ll be able to access it too. There’s nothing you need to do to encrypt a password, because in Proton Pass that’s the default for everything you store.
If you’re interested in learning about encryption, you can read our blog explaining how exactly encryption works to learn more about some of the differences between end-to-end encryption and other security protocols and see an encrypted password example.
Why encryption is important
Encryption is an extra layer of protection for your information. Ideally you want as many layers of protection for your information as possible. Think about it this way: if you’re keeping your passwords stored in a note on your phone or a piece of paper, this is the equivalent of keeping your money in a bucket in your garden. Anything could happen to it. Whereas using a password manager is the equivalent of placing your money in a highly secure bank vault. It has rigorous security protocols in place to protect your money against theft.
Even if you create strong, varied passwords for all your accounts, if they’re stored in plaintext then they’re available on a server for a hacker to access. Once you’re using a password manager that encrypts your passwords, they’re much safer. The purpose of a password manager is to store and remember your information so that it’s always available when you need it and protected when you don’t.
Is end-to-end password encryption safe?
In a word, yes. It’s a secure way to store information, because even if a hacker is able to access the information, they can’t read it. Using a brute force attack, it would take hackers decades, centuries, or even longer to crack AES encrypted passwords(nuova finestra).
But good online safety requires more than encrypting your passwords:
- Strong, varied passwords created by a reliable password generator are essential for protecting yourself from being affected by a data breach.
- Creating a different password for each online account prevents hackers from being able to access multiple accounts with one password.
- If you share sensitive information such as passwords, credit card information, or personally identifiable information, this must be done securely and ideally through a secure link.
- Monitoring the dark web for any of your personal information protects you from having your information sold by data brokers and accessed by hackers.
If you’re looking to benefit from end-to-end encryption, Proton Pass offers easy-to-use password management. Have a look at our plans to see how we can help you stay safe online.
