Yandex.Browser applies additional password protection against:
Identical passwords. This is a serious security threat. By getting the password to one account, an attacker can gain access to all the other accounts.
For example, if you use the same password for your online bank and for an online store, employees of the online store, unknown to you, can get access to your personal bank account.
It is particularly dangerous to use the same password for HTTPS and HTTP websites. As passwords for HTTP websites are not encrypted, they can be intercepted by hackers who can use these passwords on an HTTPS website to steal personal data or money.
Once you enter a password on an important website, your browser will create a fingerprint (hash) and save it in its database When you enter passwords on other websites, the browser will compare their hashes with the database. If a match is found, before sending a password to the server the browser will ask you to confirm that you want to use the same password on several websites:
In the lower part of the Settings page, click the Show advanced settings button.
Passwords for important sites are saved by Yandex.Browser as hashes. As passwords are not stored as plain text, malicious users will not be able to get access to your personal information even if they steal the password database.
Cryptographic hashing helps transform a password into a unique character sequence that can be easily used for password identification, but it is practically impossible to restore an original password using it. For example, the string “hello” after hashing can be transformed into the sequence “2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824”.
Yandex.Browser uses SCrypt algorithm for hashing. This algorithm generates a hash using not only the central processor, but also multiple read/write operations in the memory. Such an approach makes it difficult to match passwords, for example a hacker will not be able to accelerate searches by using a video card processor. For example, SCrypt algorithm is used in LiteCoin crypto currency.
As a result, it will take a malicious user more than 100 years to match a six-digit password, including uppercase letters, lowercase letters, numbers, and special characters.