Protect: password encryption

Hackers try to steal passwords in order to access your personal data or e-wallets. If your passwords are encrypted, hackers can't use them even if they steal the entire password database. The better your password encryption, the more securely you can surf the internet.

  1. Password encryption in the browser
  2. Master password

Password encryption in the browser

The password vault is encrypted using the AES-256-GCM algorithm, which uses a key. The AES-256 algorithm is considered reliable: the Department of Homeland Security in the USA recommends using it to protect Top Secret data.

However, even the most complex encryption algorithm will not protect your passwords if a hacker finds the encryption key. The master password lets you use very powerful encryption for the key.

The key is encrypted using the master password. If you forget your master password, you can reset it using a recovery key.

The master password is only stored in your memory and can't be stolen. With a master password, you are protected from the following:
  • Theft of passwords stored on your smartphone.
  • Lost passwords if your smartphone is lost or stolen.
  • Your password vault being saved on Yandex servers (the encryption is set up so that even Yandex cannot decrypt your passwords).

For more information about password encryption, see the Password encryption in Yandex Browser document.

Master password

A master password provides an additional level of security for your passwords. After you create a master password, the browser will request it during an attempt to save the password on the website, enter the password into a login form or open password storage.

Instead of a huge number of passwords from websites, you will only have to remember one master password. Passwords from websites will also be more secure. Access to storage is blocked by the master password, which cannot be stolen, since it's stored only in your memory.

  1. Create a master password
  2. Delete a master password
  3. Time to block storage
  4. If you forget your master password

Create a master password

Attention. Memorize the master password, do not write it down anywhere and do not show it to anyone. If you forget your master password, you can only restore your passwords if you have a backup encryption key.

To create a master password:

  1. Tap  → Settings.
  2. Go to Passwords.
  3. Tap Create master password.
  4. Enter the master password. We recommend using passwords that are complex but easy to remember.
  5. Tap Continue.
  6. Then re-enter it to confirm.
  7. Tap Create master password.

Delete a master password

  1. Tap  → Settings.
  2. Go to Passwords.
  3. Tap Delete the master password.
  4. Enter the master password and tap Confirm.

Then your master password will then be deleted from your smartphone. At the next sync it will also be deleted from all other synced devices.

Time to block storage

You can change the time after which the browser blocks access to password storage and requests a master password during an attempt to access it:

  1. Tap  → Settings.
  2. Go to Passwords.
  3. Tap Access to saved passwords.
  4. Enter the master password.
  5. In the Lock access section, select the appropriate option: after relaunching the browser, after blocking the screen, or never.

If you forget your master password

  1. In the form where you enter your master password, tap Forgot password.
  2. Tap Delete passwords.
  3. Enter your Yandex password.
  4. Re-create your master password