Password encryption
Hackers are trying to steal passwords in order to access your personal data or e-wallets. To prevent somebody from using stolen passwords, Yandex Browser stores passwords in the manager in encrypted form. You can strengthen this protection with a master password.
Password encryption in Yandex Browser
The password vault is encrypted using the AES-256-GCM algorithm, which uses a key. The AES-256 algorithm is considered reliable: the Department of Homeland Security in the USA recommends using it to protect Top Secret data.
However, even the most complex encryption algorithm will not protect your passwords if a hacker learns the encryption key. The master password allows you to securely protect the key.
The key is encrypted using the master password. If you forget the master password, you can reset it using a recovery key.
The master password is not stored on devices, so it can't be stolen. A master password protects you against:
- Theft of passwords stored on your tablet.
- Loss of passwords if your tablet is lost or stolen.
- Access to synced data stored on Yandex servers (the encryption is set up so that even Yandex cannot decrypt your passwords).
Without a master password, protection is less reliable due to the following risks:
- Anyone who opens Yandex Browser for Mobile on your tablet can view your passwords in the manager.
- Your encryption key is protected by your operating system, rather than a master password. If hackers gain access to your tablet, they can steal and decrypt your passwords.
- Yandex can access your passwords during syncing.
Master password
A master password provides additional protection for passwords. Yandex Browser requests the master password when you try to open the password vault or enter a previously saved website password in a login form.
Instead of a large number of website passwords, you only have to remember one master password. Website passwords will also be more secure: access to the vault is locked by the master password, which cannot be stolen because it's not stored on devices.
Create a master password
Alert
Memorize the master password. Do not write it down anywhere and do not show it to anyone. If you forget your master password, you can only restore your passwords if you have a backup encryption key.
To create a master password:
- Tap
- Select Passwords.
- Tap Create master password.
- Enter the master password. Create a complex yet easy-to-remember password.
- Tap Continue.
- Enter the master password again.
- Tap Create master password.
- Yandex Browser will suggest creating a recovery key. We strongly recommend doing this.
Alert
If you forget your master password, your only option would be to delete all the passwords. With a recovery key, you can restore access to them.
Now you will have to enter the master password to save a password for a site in Yandex Browser or open the password manager. The master password is not saved on your tablet or on the server. Only a key encrypted with it is saved.
Delete a master password
- Tap
- Select Passwords.
- Tap Delete master password.
- Enter the master password and tap Confirm.
After that, the browser will no longer request the master password to access passwords. At the next sync, the master password is deleted from the other devices.
Time to lock password vault
Choose when Yandex Browser will lock the password vault and start requesting the master password during an attempt to access it:
- Tap
- Select Passwords.
- Tap Access to saved passwords.
- Enter the master password.
- In the Lock access section, choose After restart, After lock screen, or Never.
If you forget your master password
Note
If you reset the master password without a recovery key, saved passwords will be deleted.
If you have created a recovery key:
- In the form where you enter your master password, tap Forgot password.
- Tap Reset master password.
- Enter your Yandex ID password.
- Re-create your master password.
If you haven’t created a recovery key, you won’t be able to restore access to your passwords.
Gesture, PIN code, fingerprint
To avoid entering the master password every time you unlock your device, lock the device using one of the conventional methods instead (PIN, gesture, or fingerprint). Your passwords in the storage will still be encrypted with the master password. Each time you unlock your device, the browser will restore your master password and then decrypt the password vault.
If you delete your master password, the browser will no longer ask for your PIN, gesture, or fingerprint.
Note
The lock method is linked to the device. That's why you can't use a PIN from one device to get access to passwords stored on another one.
To change the password unlock method:
- Tap
- Select Passwords.
- Tap Access to saved passwords.
- Enter the master password.
- In the Unlock with section, select one of the options: master password, fingerprint, gesture, or PIN. The options available depend on your device model.
Backup encryption key
The master password serves to make your passwords more secure, but what if you forget it? Yandex Browser has a convenient and reliable way to reset the master password.
The master password is only needed to decrypt the private key, so if you keep a copy of the private key (a spare encryption key), you can extract it and encrypt it with a new master password.
Some password managers suggest that the user prints out the recovery key (in some cases, as a QR code). This method isn’t secure enough because the printout could be lost. That's why we store the spare encryption key on your device and encrypt it with another additional key, which we store on the server. You can access the key on the server only after entering your Yandex ID password. It's very unlikely that a hacker could steal all three: the spare key from the device, the key from the server, and your Yandex ID password.
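The key layering described on this page, as an added example (not Yandex Browser's code): a random vault key encrypts the passwords with AES-256-GCM, the master password wraps that key, and a spare copy is wrapped with a key held on the server. The PBKDF2 derivation, the symmetric wrapping, the blob layout, and all function names are assumptions; the server releasing its key after the Yandex ID password check is outside the example.

```ruby
require 'openssl'

# Assumptions (not from the page): PBKDF2-HMAC-SHA256 as the password KDF and
# a blob layout of nonce | tag | ciphertext for every AES-256-GCM layer.
def kdf(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 600_000,
                           length: 32, hash: 'sha256')
end

def seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv # fresh 96-bit nonce for every encryption
  ct = c.update(plaintext) + c.final
  nonce + c.auth_tag + ct
end

def unseal(key, blob) # raises OpenSSL::Cipher::CipherError on wrong key or tampering
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob[0, 12]
  c.auth_tag = blob[12, 16]
  c.update(blob[28..]) + c.final
end

# What is stored once a master password and a recovery key exist.
def create_vault(passwords, master, server_key)
  vault_key = OpenSSL::Random.random_bytes(32)
  salt = OpenSSL::Random.random_bytes(16)
  { vault: seal(vault_key, passwords),               # the password data itself
    salt: salt,                                      # not secret
    wrapped_key: seal(kdf(master, salt), vault_key), # vault key under master password
    spare_key: seal(server_key, vault_key) }         # spare copy under server-held key
end

def unlock(store, master)
  unseal(unseal(kdf(master, store[:salt]), store[:wrapped_key]), store[:vault])
end

# Reset: recover the vault key from the spare copy, re-wrap it; the vault is not re-encrypted.
def reset_master(store, server_key, new_master)
  vault_key = unseal(server_key, store[:spare_key])
  salt = OpenSSL::Random.random_bytes(16)
  store.merge(salt: salt, wrapped_key: seal(kdf(new_master, salt), vault_key))
end

server_key = OpenSSL::Random.random_bytes(32) # constructed; stands in for the server-held key
store = reset_master(create_vault('example.com alice pw', 'old', server_key), server_key, 'new')
puts unlock(store, 'new')
```

Because GCM authenticates every layer, a wrong master password or a wrong server key fails with an error instead of yielding garbage, and the stored vault ciphertext is byte-for-byte unchanged by a reset.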
To prevent you from accidentally losing access to the password vault, Yandex Browser suggests creating a recovery key immediately after creating the master password:
- When the Enable option to reset master password? window opens, tap Enable.
- Enter your Yandex ID password.
Since one of the keys is stored on the server, syncing is required. If syncing is not enabled, it will be enabled automatically after entering the Yandex ID password.