Protect: password encryption

Hackers try to steal passwords in order to access your personal data or e-wallets. It is best to encrypt stored passwords, so even if hackers steal your passwords, they won't be able to use them.

  1. Password encryption in the browser
  2. Master password
  3. Gesture, PIN, fingerprint

Password encryption in the browser

The password vault is encrypted using the AES-256-GCM algorithm, which uses a key. The AES-256 algorithm is considered reliable: the Department of Homeland Security in the USA recommends using it to protect Top Secret data.

However, even the most complex encryption algorithm will not protect your passwords if a hacker finds the encryption key. The master password lets you use very powerful encryption for the key.

The key is encrypted using the master password.

The master password is not stored on devices, so it can't be stolen. With a master password, you are protected from the following:

  • Theft of passwords stored on your smartphone.
  • Lost passwords if your smartphone is lost or stolen.
  • Your password vault being saved on Yandex servers (the encryption is set up so that even Yandex cannot decrypt your passwords).

For more information about password encryption, see Password encryption in Yandex Browser.

Master password

A master password provides an additional level of security for your passwords. After you create a master password, the browser will request it during an attempt to open the password storage or enter a previously saved website password in a login form.

Instead of a huge number of passwords from websites, you will only have to remember one master password. Passwords from websites will also be more secure. Access to storage is locked by the master password, which cannot be stolen, because it's not stored on devices.

  1. Create a master password
  2. Change a master password
  3. Delete the master password
  4. Time to block storage
  5. If you forget your master password

Create a master password

Attention. Memorize the master password, do not write it down anywhere and do not show it to anyone. If you forget your master password, your only option is to delete the passwords in storage.

To create a master password:

  1. Tap  → Settings.
  2. In the Passwords section, tap Settings.
  3. Tap Create master password.
  4. Enter the master password. We recommend using passwords that are complex but easy to remember.
  5. Tap Create.
  6. Then re-enter it to confirm.
  7. Tap Create.

Then you can save your password for sites in your browser and your password manager will only be accessible if you enter your master password. The master password you have created is not saved on the smartphone or on the server. Only a key encrypted with it is saved.

Change a master password

To create a master password:

  1. Tap  → Settings.
  2. In the Passwords section, tap Settings.
  3. Tap Change master password.
  4. Enter your current master password and tap Continue.
  5. Enter your new master password. We recommend using passwords that are complex but easy to remember.
  6. Then re-enter it to confirm.

After that, the key encrypted with the master password is re-encrypted and synced with your other devices at the next sync. The master password is not stored on your smartphone or the server.

Delete the master password

  1. Tap  → Settings.
  2. In the Passwords section, tap Settings.
  3. Tap Delete master password.
  4. Enter your current master password and tap Continue.

After that, the browser will no longer request the master password to access passwords. At the next sync, the master password will be deleted from other devices.

Time to block storage

You can change the time after which the browser blocks access to password storage and requests a master password during an attempt to access it:

  1. Tap  → Settings.
  2. In the Passwords section, tap Settings.
  3. Tap Confirm access when filing in saved passwords.
  4. Enter your current master password and tap Continue.
  5. In the Frequency section, select one of the following options: after browser restart, after lock screen, or never.

If you forget your master password

In this case, the only thing you can do is delete the passwords in storage and re-create the master password:

  1. In the form where you enter your master password, tap Forgot password.
  2. Tap Delete passwords.
  3. If you have a passcode on your smartphone, enter it.
  4. Re-create your master password

Gesture, PIN, fingerprint

To avoid entering the master password every time you want to access your website passwords, use your smartphone lock method instead (PIN, gesture, or fingerprint). Your passwords in storage will still be encrypted with the master password. Each time you unlock your device, the browser will first restore your master password and then decrypt the storage.

If you delete your master password, the browser will no longer ask for your PIN, gesture, or fingerprint.

To change the password unlock method:

  1. Tap  → Settings.
  2. In the Passwords section, tap Settings.
  3. Tap Confirm access when filing in saved passwords.
  4. Enter your current master password and tap Continue.
  5. In the Unlock with section, select one of the following options: master password, fingerprint, or PIN. The options available depend on your smartphone model.

If you didn't find the information you needed in the Support section, or are experiencing a problem with Yandex Browser, please give us a step-by-step description of your actions. Take a screenshot if possible. This will help our support specialists quickly find the solution to the issue you're experiencing.