Why do I need StrongBox?

You need Strongbox to organize and secure your personal text data bits. Things like account numbers, credit card numbers and passwords have no natural, secure home on the computer or phone. They do now! 

You also need Strongbox because computers are inherently unsafe and unreliable. For example, by default your files are not encrypted. Anyone that gains access to your computer can easily read your documents. Strongbox utilizes encryption to prevent this. Another problem is that computers and phones break or get lost. It is not a question of IF your device will fail but WHEN. Storing your data offsite, as Strongbox does, makes your data independent of these devices. Strongbox does this seamlessly without any setup. 

To sum up, the Strongbox Cloud secures, backs up and syncs your data across all your devices. Without it your data sits on a single device, where it's hard to access and easy to lose.

What is it for?

Strongbox is a reliable, secure storage service for assorted short text information. It is the perfect place for credit card numbers, account numbers, keys or any other sensitive data. It is also a great password manager and password generator. Strongbox provides a redundant off-premise backup for this information, so it is never lost. The encryption key isn't stored anywhere and cannot be reset, which is why Strongbox is more secure than virtually all other online storage services. 

Strongbox is intentionally isolated from your browser and all other applications. It is not meant to be a single click website login or a form filler application, these kinds of apps, due to their very nature, sacrifice security for convenience. Strongbox maintains a clear boundary between your data and the outside world.

How much does it cost?

The Strongbox apps themselves are free and fully functional, allowing you to store your data on your phone or PC for free. If you choose to subscribe to the Strongbox Cloud service, the cost is $11/year USD. With a subscription you gain all the benefits mentioned above. The subscription is for a year and you can cancel at any time. If your subscription runs out, you can still access your data. In other words you're in charge!

Is this secure?

In short: Yes! We use the same secure methods as banks and the military to send and store your information. Mathematically proven encryption (AES-256 CBC) secures your data. This means you can give your Strongbox to anyone (including our online backup server), and it will be unreadable, as only you can decrypt your Strongbox. The password isn't stored anywhere and cannot be reset. Anyone trying to break it would require years and years of calculation on the fastest supercomputers.

What is Strongbox secure sharing?

Strongbox lets you securely share the contents of your boxes by requiring the receiving party to enter the box master password.
  • It is secure, as no other party or system on the Internet knows the decryption password, which is the case for virtually all other password managers, file sharing services, etc.
  • Only you and the shared users have the password, it is not stored anywhere.
  • Split the master password and send it to recipients via multiple methods increasing security (i.e. email, SMS, regular mail, telephone, etc.)
  • Ideal for business use, where multiple individuals need to share and synchronize many login credentials and other secure tokens.
  • Use it to send credit card numbers, passwords, etc. between your family, friends and co-workers.

Secure box share is a feature unique to Strongbox, letting you share important text data with ease without sacrificing security.

I use LastPass..

Strongbox is actually complimentary to LastPass and similar solutions. Think of Strongbox as a permanent home for not just passwords but any type of important text content. You can manage multiple 'boxes' of secure content with varied levels of security and access. Letting you for example share groups of logins or account numbers with individuals and keep it all in sync.

Unlike these auto-login and form filling plugins Strongbox offers isolation and a clear secure boundary for your data. It doesn’t automate as automation inevitably lowers security. It doesn’t work inside a web page as HTML as that exposes your data to unknown and perhaps unsecure browser plugins and scripts.

Why not use SkyDrive or DropBox?

We considered adding DropBox or SkyDrive sync functionality. However, decided against it as there were no real benefits for our users. In fact, there are potential reliability/data loss issues as well as a more complex configuration experience. DropBox/SkyDrive are plain old file systems, the only difference is that they are in the cloud. This means any app or even the user themselves can accidentally erase the files Strongbox uses for backup and sync, resulting in data loss. Also Strongbox wouldn't be able to guarantee a reliable sync due to API limitations with these services. Using our own specialized storage service solves all these problems and results in increased performance and lower bandwidth usage.

Why online backup? Can I trust the cloud?

Though your information may be secure on your computer, it completely depends on that device. Put another way, in case of failure or damage all your data is lost. With Strongbox we upload the encrypted information to our datacenter where we hold 3 redundant copies of your data in separate physical locations. This ensures device independence and failure protection for your data.

Data is actually safer while stored in your Strongbox and backed up online then on the average computer or phone. On your computer, it is normally unencrypted and susceptible to computer failure. For example, after gaining access to your device, a hacker or spyware can then easily read information on your computer. They can't, however, look inside your Strongbox, as they don't have the key. Only you have they key.

Can you read my information?

No! We do not have the ability to read your Strongbox contents as the decryption key is not stored on our servers. This is a unique feature of Strongbox not found with other online storage services. Only you can decrypt your data. This means Strongbox employees aren't able to access user data, and when troubleshooting an account we can only see the following information: box name, box description, box size, and the last time the box was changed. The box contents are encrypted and there is no way for us to decrypt it.

Where is my information stored?

Your data is always stored encrypted, and backed up in 3 redundant physical locations. Your data is stored in a secure world class datacenter with 99.8% service uptime.

What makes a good StrongBox password?

Generally the longer and more random the better. However for your Strongbox you need a password you can remember, passphrases can be used for this.

Passphrases are typically 5 words or longer. A simple example would be "cayman unearned core gurnard hypogeal stedfast". For added security, use varying languages, non-sensical or uncommon words, mix in random num3ers or $ymbols and use nOn-staNdard casing.

Passphrase suggestions:
  • Long enough to be hard to guess (e.g. automatically by a search program, as from a list of famous - phrases) at least 5 words.
  • Not a famous quotation from literature, holy books, et cetera
  • Hard to guess by intuition—even by someone who knows the user well
  • Easy to remember and type accurately
  • Uses non-standard casing and non-alphanumeric characters

More information on passphrases