Encryption and password security

SecuBox is a volume-based encryption solution for Windows handhelds. It protects confidential information by storing it in one or more secure areas. Data residing in SecuBox secure areas remains absolutely safe even if the device is lost or stolen.

When you create an encrypted volume, SecuBox prompts you to select the name and properties of the container file, as well as the password that will protect this file from access. It then generates a random 256-bit key, encrypts it and appends this encryption key to the file. This encryption key is used to encrypt and decrypt your information while reading from and writing to the SecuBox encrypted card.

The password you type in when creating the encrypted volume is what protects access to the encrypted SecuBox volume. The encryption key itself is built from this password using the SHA 512-bit algorithm. Your password is the key to your encrypted information – it is the only way to decrypt the encrypted storage you created using SecuBox encryption software and get access to your confidential information stored on your PDA or smartphone.

Password Strength Meter

SecuBox provides a Password Strength Meter which assists you in selecting your password. The Password Strength Meter checks the password for complexity and against dictionaries.

To decrease the chances of someone ever guessing your password, select a hard-to-guess, or strong, password. A strong encryption password must be as long as possible (never shorter than 8 characters), include mixed-case letters, digits and punctuation marks, and not be based on any personal information or on any dictionary word in any language.

Your password must:

  • Be at least 8 characters long – each character that you add to your password increases the protection that it provides many times over. 14 characters or longer is ideal, but please make sure you are able to remember it. (Note: there are no backdoors or escrow keys in SecuBox software, hence we will NOT be able to help you if you forget your password.)
  • Contain the following characters – the greater variety of characters that you have in your password, the harder it is to guess and get access to the encrypted data on your mobile device:
    – Upper case letters
    – Lower case letters
    – Numbers
    – Special characters such as !,@,#,$,%,^,&,*,?,_,~
  • Not include dictionary words – dictionary-based attacks are the first thing criminals use when trying to brute-force the password on your mobile device. Do not include repeated characters (AAA) or sequences (abc, cba, 11111, 123, 321, qwerty).
  • Avoid your login name. Any part of your name, birthday or social security number is a bad password choice.
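
The rules listed above can be checked mechanically. The following Python sketch is an added example, not SecuBox's own Password Strength Meter (whose algorithm this page does not disclose); the word list, keyboard rows and substitution table are constructed samples, and treating any non-alphanumeric character as "special" is an assumption.

```python
import re

# Constructed sample word list; a real meter would load full dictionaries.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "sunshine", "letmein"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Assumed substitution table for spotting disguised dictionary words.
LEET = str.maketrans("013457@$", "oleastas")


def has_sequence(pw, run=3):
    """True for ascending/descending runs (abc, 321) or keyboard-row runs (qwe)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, login="", personal=()):
    """Return the list of violated rules; an empty list means all rules passed."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "upper case letter": any(c.isupper() for c in pw),
        "lower case letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        # Assumption: any non-alphanumeric character counts as special.
        "special character": any(not c.isalnum() for c in pw),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if re.search(r"(.)\1\1", pw):
        problems.append("repeated characters")
    if has_sequence(pw):
        problems.append("character sequence")
    if any(w in low or w in low.translate(LEET) for w in SAMPLE_DICTIONARY):
        problems.append("dictionary word")
    if any(p and p.lower() in low for p in (login, *personal)):
        problems.append("login name or personal information")
    return problems
```

A password such as `P@ssw0rd123` satisfies the length and character-class rules yet is still reported for containing a sequence and a disguised dictionary word, which is why the complexity rules alone are not enough.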

It can be difficult to choose a good password: the password should be fairly long and shouldn’t be guessable, but at the same time it should be easy to remember.

To ease the password selection procedure, and ensure it is as secure as possible, we have implemented the Password Strength Meter, which uses sophisticated methods to evaluate the quality of your password. Our advanced algorithms will help you create a strong password to ensure that no one will be able to brute-force it and get access to the encrypted Windows Pocket PC or smartphone data.

Password security policies

  • Never disclose the password to the encrypted data on your Windows Pocket PC or smartphone. If you need to share it with someone who needs to access your encrypted device, make sure you change it immediately. Never send it by instant messenger, email or any other means of communication unless encrypted.
  • Never write down your password. Passwords that are written down can be easily stolen. Do not use sticky notes to write down your passwords.
  • Never store your password in a third-party program. Do not trust the security of the important information you carry with you on your mobile device to any password managers.