Not Just Security, BastionPass Security!

Securing your data is our #1 priority.

Get Started Free
No credit card required.
But don’t just take our word for it…
Audited by Nettitude
Security you can trust.
Nettitude is an award-winning, independent third party provider of cybersecurity services. They help ensure that BastionPass encrypts, protects, and securely manages your data & privacy.
Download Security Assessment Letter

Secure architecture

BastionPass is using local-only security model. We do not process your data on our servers and keep it encrypted.

Secure architecture

Data Protection is Key

As your digital life expands so do the challenges in protecting it. Protecting your data from compromise is a core component of how we built BastionPass.

You own your data

Your data is always encrypted when it is stored on BastionPass servers or when it is in transit to your device. When you access your data, decryption takes place locally on your device, minimizing exposure and compromise to your passwords.

Encrypted Data

Your data is encrypted three times before being stored in the cloud. Even if someone was able to hack into your data, they'd find only unreadable gibberish. They would have to decrypt the data three times for it to make any sense to them!

Generated Key

When you create a master password to launch your account, a unique encryption key is generated. Your master password is required to decrypt and read your data. Without it, nobody - not even our employees - can access your data.

3 Layers Of Encryption

Our unique, triple-layered encryption process consists of:

Standard encryption
The industry-standard AES-256 encryption scheme on your device, using keys accessible only with your master password.
Secure HTTPS protocol
Internet transmission using secure HTTPS protocol, the same protocol used by banks to keep your records secure.
AWS Encryption
An additional layer of security utilizing the AWS Encryption At Rest feature. Our cloud provider encrypts the data using keys even we don’t have access to!

But We Don't Stop There...

In addition to our proprietary approach to encryption:

Every Safe Has Its Own Key
We use a unique key for every virtual safe within your account, whether private or shared. And we use asymmetric ELGamal encryption algorithms when you want to share your safe encryption keys with other account members. Even if one safe is compromised, it won't affect the others, letting you share specific safes with different members of your family or business associates without compromising other safes.
Secure Cloud Storage
Hosting your data in the cloud makes it available from anywhere in the world, whether at home or on the go. We store your data on Amazon Web Services (AWS), the number one cloud provider in the world. AWS maintains a large number of security compliance programs and companies like GE, Apple, Nasdaq rely on AWS for their hosting needs.
One Key To Rule Them All
Your Master Password is the only key to your encrypted data. We do not compromise your security with backdoors. We never store your password. We never even see it! There is no way to recover it. This makes your account as safe as possible, but it also requires you to take precautions to ensure that you never lose your master password.
Audited & Approved By Nettitude
Robust security is an ongoing, constantly changing battle with hackers. We've hired the cyber security experts at Nettitude to do everything they could to break through our proprietary, triple-layered security system and we passed all tests with flying colors. Even so, we are committed to ongoing tests, re-tests, and improving our security in every way possible.

Try BastionPass Free!

Ready to try out BastionPass for yourself?

Get Started Free
No credit card required.