Protect: password encryption
Hackers try to steal passwords in order to access your personal data or e-wallets. It is best to encrypt stored passwords, so even if hackers steal your passwords, they won't be able to use them.
Password encryption in the browser
The password vault is encrypted using the AES-256-GCM algorithm, which uses a key. The AES-256 algorithm is considered reliable: the Department of Homeland Security in the USA recommends using it to protect Top Secret data.
However, even the most complex encryption algorithm will not protect your passwords if a hacker finds the encryption key. The master password lets you use very powerful encryption for the key.
The key is encrypted using the master password. If you forget your master password, you can reset it using a recovery key.
The master password is not stored on devices, so it can't be stolen. With a master password, you don't have to worry about:
- Your tablet's password vault being stolen.
- Losing passwords in the case that your tablet is lost or stolen.
- Saving your synced data on Yandex servers (the encryption is set up so that even Yandex cannot decrypt your passwords).
This option is less reliable due to the following:
- Anyone who opens mobile Yandex.Browser on your tablet can easily view your passwords in the manager.
- You encryption key is protected by your operating system, rather than a master password. If someone gets access to your tablet, they can steal and decrypt your passwords.
- Yandex can access your passwords during syncing.
For more information about password encryption, see Password encryption in Yandex Browser.
Master password
A master password provides an additional level of security for your passwords. After you create a master password, the browser will request it during an attempt to open the password storage or enter a previously saved website password in a login form.
Instead of a huge number of passwords from websites, you will only have to remember one master password. Passwords from websites will also be more secure. Access to storage is locked by the master password, which cannot be stolen, because it's not stored on devices.
Create a master password
To create a master password:
- Tap .
- Go to the Passwords section.
- Tap Create master password.
- Enter the master password. We recommend using passwords that are complex but easy to remember.
- Tap Continue.
- Then re-enter it to confirm.
- Tap Create master password.
Then you can save your password for sites in your browser and your password manager will only be accessible if you enter your master password. The master password you created is not saved on the tablet or on the server. Only a key encrypted with it is saved.
Delete the master password
- Tap .
- Go to the Passwords section.
- Tap Delete master password.
- Enter the master password and tap Confirm.
After that, the browser will no longer request the master password to access passwords. At the next sync, the master password will be deleted from other devices.
Time to block storage
You can change the time after which the browser blocks access to password storage and requests a master password during an attempt to access it:
- Tap .
- Go to the Passwords section.
- Tap Access to saved passwords.
- Enter the master password.
- In the Lock access section, select an option: after relaunching the browser, after blocking the screen, or never.
If you forget your master password
If you already created a backup encryption key:
- In the form where you enter your master password, tap Forgot password.
- Tap Reset master password.
- Enter your Yandex password.
- Re-create your master password
If you didn't create a backup encryption key, you won't be able to restore access to your passwords.
Gesture, PIN, fingerprint
To avoid entering the master password every time, lock your tablet with one of the conventional methods instead (PIN, gesture, or fingerprint). Your passwords in storage will still be encrypted with the master password. Each time you unlock your device, the browser will first restore your master password and then decrypt the storage.
If you delete your master password, the browser will no longer ask for your PIN, gesture, or fingerprint.
To change the password unlock method:
- Tap .
- Go to the Passwords section.
- Tap Access to saved passwords.
- Enter the master password.
- In the Unlock with... section, select an option: master password, fingerprint, gesture, or PIN. The options available vary depending on your tablet model.
Backup encryption key
If you forget your master password, you can only restore your passwords if you have a recovery key. To create one, you will need to enable syncing.
To change your master password, you will not only need a recovery key, but also a special file. It will be created automatically when you enter your master password for the first time and save it locally. That's why even Yandex can't decrypt your passwords.
To restore access, you must enter the password to your Yandex account. The likelihood that a hacker could simultaneously steal the key from the server, the file from your device, and your Yandex account password is very low.
To create a backup encryption key, tap Enable as soon as you create a master password in the window that opens. If your device hasn't synced, enable syncing by entering your Yandex password.