30-day free VMP™ Pass Premium trial.
30-day free VMP™ Pass Families trial.
Limited to 1 device type and basic password management features.
SECURITY
Data protection relies on a strong encryption model. Even as your solution provider, VMP Security has zero knowledge of your unencrypted Master Password, and hackers don't either.
VMP Security uses industry-standard encryption and hashing with salting so that you, and only you, can login to your vault.
Your vault data is protected using AES-256 encryption and 600,000 rounds of PBKDF2-SHA-256 hashing plus salting.
We are the only person who can encrypt you vault. Only your personal Master Password – which is not stored on our servers – will unlock your vault.
Zero-knowledge encryption is a method, including industry-standard algorithms, on which VMP Security is built. Simply put, it means the only person who uses or knows your Master Password is you. This method applies encryption and hashing with salting to generate an encryption key used to encrypt (or decrypt) your vault, where your passwords are stored.
Zero-knowledge encryption works by separating your unencrypted data from our servers. Think of it as the client (local) vs. the server (remote):
Two things happen when you create your Master Password. VMP Security uses PBKDF2-SHA256 with 600,000 iterations to derive an encryption key. Then we perform one more iteration and use this as a separate authentication hash. When authentication is successful and the vault is retrieved, we use AES-256 bit with the encryption key to decrypt (and encrypt) your vault.
The authentication hash appropriately authenticates by ensuring your plaintext Master Password matches the derived authentication hash stored on the server.
By going through such strong security and sensitive methods, your Master Password and sensitive vault data are unknown to anyone but you. All these measures protect you against server-side attacks.
A two-way function that converts plaintext (like your Master Password) to unreadable text. VMP Security encrypts your vault data to protect it from bad actors.
A one-way function that converts data – like your plaintext Master Password – to a unique, unreadable output called a hash. The hash is stored server-side for authentication purposes.
Salting takes one input, like your Master Password or an authentication hash, and makes it more unique and even harder to match. Salt values are different for every user and input.
Your single source for the security, privacy, compliance, and system performance information.
Visit Trust Center →Demystify the jargon of cybersecurity to help you think and make informed decisions.
Read the article →Read about how we built the VMP Security service to ensure that your data is protected and always.
Safeguarding your data is what we do with proactive security and reliability as cornerstones of our mission.
Learn more about Security →
