3.23. Are there vulnerabilities in KeyReel?
We use the best algorithms and technologies available for our software. We use best industry practices, extensive testing, and periodic security reviews to ensure the quality of our software. KeyReel is an offline password manager that is not accessible from the Internet and does not communicate with any computer via the Internet. This makes it less vulnerable than many cloud password managers.
All Bluetooth communications are encrypted with a unique AES key, and the pairing process ensures that only a specific phone and computer pair can decrypt the communication data. Even if a hacker monitors Bluetooth traffic, it will not be possible to decrypt it without secret keys stored on a device. This makes it safe to use KeyReel even in public places.
KeyReel’s browser extension and Bluetooth connectors do not store passwords in their memory or locally on the computer. Data is requested, transferred, entered, and promptly erased from the computer memory.
Getting access to the phone, breaking into the phone’s KeyChain storage, and breaking into an encrypted database is an extremely complex and expensive operation that would require an enormous amount of computation time.
While we are confident our software is best in class, there is no such thing as perfect security or perfect software. We continuously improve our software and release updates. Be sure to update the app on your phone and computer when you are notified of updates.
If your phone is stolen, we recommend promptly changing the passwords to all your sites. Also note that malware can monitor and retrieve passwords on a computer, bypassing or using the KeyReel extension. KeyReel is no substitute for antivirus or firewall software.
If you have questions or concerns, please don’t hesitate to contact us.