Password encryption

Hackers are trying to steal passwords in order to access your personal data or e-wallets. To prevent somebody from using stolen passwords, Yandex Browser stores passwords in the manager in encrypted form. You can strengthen this protection with a master password.

Password encryption in Yandex Browser

The password vault is encrypted using the AES-256-GCM algorithm, which uses a key. The AES-256 algorithm is considered reliable: the Department of Homeland Security in the USA recommends using it to protect Top Secret data.

However, even the most complex encryption algorithm will not protect your passwords if a hacker learns the encryption key. The master password allows you to securely protect the key.

The key is encrypted using the master password.

The master password is not stored on devices, so it can't be stolen. With a master password, you are protected in case that:

  • Theft of passwords stored on your tablet.
  • Losing passwords if your tablet is lost or stolen.
  • Synced data stored on Yandex servers (the encryption is set up so that even Yandex cannot decrypt your passwords).

This option is less reliable due to the following risks:

  • Anyone who opens Yandex Browser for Mobile on your tablet can view your passwords in the manager.
  • Your encryption key is protected by your operating system, rather than a master password. If hackers access to your tablet, they can steal and decrypt your passwords.
  • Yandex can access your passwords during syncing.

Master password

A master password provides additional protection for passwords. Yandex Browser will request a master password during an attempt to open the password vault or enter a previously saved website password in a login form.

Instead of a huge number of passwords from websites, you will only have to remember one master password. Passwords from websites will also be more secure. Access to the vault is locked by the master password, which cannot be stolen, because it's not stored on devices.

Create a master password

Change a master password

Delete a master password

Time until password vault lock

If you forget your master password

Create a master password

Alert

Memorize the master password, do not write it down anywhere and do not show it to anyone. If you forget your master password, you can only restore your passwords if you have a backup encryption key.

To create a master password:

  1. Tap .

  2. Tap Create master password.

  3. Enter the master password. Create a complex yet easy-to-remember password.

  4. Tap Create.

  5. Enter the master password again.

  6. Tap Create.

Now you will have to enter the master password to save a password for a site in Yandex Browser or open the password manager. The master password is not saved on your tablet or on the server. Only a key encrypted with it is saved.

Change a master password

To change the master password:

  1. Tap .

  2. In the Passwords and cards section, tap My infoSettings.

  3. Tap Change master password.

  4. Enter your current master password and click Continue.

  5. Enter your new master password. We recommend using passwords that are complex but easy to remember.

  6. Then re-enter it to confirm.

After that, the key encrypted with the master password is re-encrypted and transferred to your other devices during the next synchronization. The master password is not saved on your tablet or on the server.

Delete a master password

  1. Tap .

  2. Tap Delete master password.

  3. Enter your current master password and tap Continue.

After that, the browser will no longer request the master password to access passwords. At the next synching, the master password is deleted from the other devices.

Time to lock password vault

Choose when Yandex Browser will lock the password vault and start requesting the master password during an attempt to access it:

  1. Tap .

  2. Tap Confirm access when filling in saved passwords.

  3. Enter your current master password and tap Continue.

  4. In the How often section, choose After restart, After lock screen, or Never.

If you forget your master password

In this case, the only thing you can do is delete the passwords in storage and re-create the master password:

  1. In the form where you enter your master password, tap Forgot password.
  2. Tap Delete passwords.
  3. If you have a passcode on your tablet, enter it here.
  4. Re-create your master password.

Passcode, Touch ID, Face ID

To avoid entering the master password every time you unlock your tablet, lock the device using one of the conventional methods instead (passcode, Touch ID, or Face ID). Your passwords in the storage will still be encrypted with the master password. Each time you unlock your device, the browser will restore your master password and then decrypt the password vault.

If you delete your master password, the browser will no longer ask for your (passcode, Touch ID, or Face ID).

To change the password unlock method:

  1. Tap .

  2. In the Passwords section, tap Settings.

  3. Tap Confirm access when filling in saved passwords.

  4. Enter your current master password and tap Continue.

  5. In the Confirmation method section, select the option you need. The options available depend on your model.

Learn more

Contact support
Previous
Managing passwords
Next
Syncing passwords