About KBPass
The most secure Online Password Management System we could find. Built to be fast, light weight and serve a purpose.
Password Management
KBPass is an extremely secure online Username and Password management tool that forces users to have unique and highly secure passwords (and Usernames if desired) while providing an easy and secure way to store them all.
KBPass is accessible from any computer with Internet access.
KBPass is accessible from any computer with Internet access.
Why use KBPass?
Many people, including us use the same Username and Password on every site we sign up for, which is highly insecure, but is convenient as we have difficulty remembering all the different Usernames and Passwords for each site.
If someone finds your Username and Password at one site, they have access to every site you use the same Username and Password, which could be your Bank, Email, ISP, Work etc.
KBPass lets you input a Site URL, and if you don't enter a Username will produce a unique 10 character Username and a unique, randomly generated 10 character Password to use on the Site URL you entered. This means if someone gets your Username and Password for one site, they can not access any other site, because they are all different.
When you go to a site, simple login to KBPass, enter a portion of the Site URL and it will display the Username and Password for you.
If someone finds your Username and Password at one site, they have access to every site you use the same Username and Password, which could be your Bank, Email, ISP, Work etc.
KBPass lets you input a Site URL, and if you don't enter a Username will produce a unique 10 character Username and a unique, randomly generated 10 character Password to use on the Site URL you entered. This means if someone gets your Username and Password for one site, they can not access any other site, because they are all different.
When you go to a site, simple login to KBPass, enter a portion of the Site URL and it will display the Username and Password for you.
How secure is KBPass?
KBPass is highly secure.1. We use HTTPS for all communication, this means all traffic between you and the KBPass server is encrypted, helping prevent someone snooping on the traffic to find out your Usernames and Passwords.
2. We use a 3 Login Password system, which allows users to have easy to remember Login Passwords while still remaining fairly secure.
From a Web Attack, each Login attempt, successful or failed, has a 500 millisecond wait minimum, which lengthens the amount of time to brute force the system. Every 5 failed Login attempts with the same Username within 5 minutes results in a 15 minute Login Ban for that Username.
3. If there are 15 unsuccessful attempts within 24 hours, the account is suspended and an email is sent to the registered email address to reactivate, which requires the correct 3 Login Passwords.
4. If the same IP address is logged with 5 or more unsuccessful attempts on our System, that IP is disallowed access to any account on our System for 7 days.
5. All Site URL and Usernames are stored unencrypted, but each Password stored in our database is encrypted using the Blowfish method then using Rijndael (AES) and then using 3DES with your 3 Login Passwords. This means that without your 3 Login Passwords, the stored Passwords are gibberish.
6. The 3 Login Passwords are individually md5'd, then combined and md5'd again, then encrypted using Rijndael (AES), 3DES, Blowfish, Cast, Gost and finally with DES, this is repeated multiple times and then stored in one database field.
7. Our database, database admin module and Linux server are also protected by individual uniquely generated password similar to the KBPass system, but somewhat more enhanced for security of all KBPass Users.
8. KBPass runs on our own dedicated server, in a secure facility which only allows Staff access.
What all this adds up to is without your 3 Login Passwords, you have no hope of retrieving any of your sites passwords. But then neither does anyone else.
2. We use a 3 Login Password system, which allows users to have easy to remember Login Passwords while still remaining fairly secure.
From a Web Attack, each Login attempt, successful or failed, has a 500 millisecond wait minimum, which lengthens the amount of time to brute force the system. Every 5 failed Login attempts with the same Username within 5 minutes results in a 15 minute Login Ban for that Username.
3. If there are 15 unsuccessful attempts within 24 hours, the account is suspended and an email is sent to the registered email address to reactivate, which requires the correct 3 Login Passwords.
4. If the same IP address is logged with 5 or more unsuccessful attempts on our System, that IP is disallowed access to any account on our System for 7 days.
5. All Site URL and Usernames are stored unencrypted, but each Password stored in our database is encrypted using the Blowfish method then using Rijndael (AES) and then using 3DES with your 3 Login Passwords. This means that without your 3 Login Passwords, the stored Passwords are gibberish.
6. The 3 Login Passwords are individually md5'd, then combined and md5'd again, then encrypted using Rijndael (AES), 3DES, Blowfish, Cast, Gost and finally with DES, this is repeated multiple times and then stored in one database field.
7. Our database, database admin module and Linux server are also protected by individual uniquely generated password similar to the KBPass system, but somewhat more enhanced for security of all KBPass Users.
8. KBPass runs on our own dedicated server, in a secure facility which only allows Staff access.
What all this adds up to is without your 3 Login Passwords, you have no hope of retrieving any of your sites passwords. But then neither does anyone else.
What if the KBPass server is hacked?
In the unlikely event that the KBPass server is hacked, they will be able to see all the Site URLs and Usernames, your Password will be encrypted as mentioned in 'How secure is KBPass', they would require the 3 Login Passwords to unencrypt these Passwords. Your 3 Login Passwords are stored in a format that means they can not be unencrypted, to crack them would take a brute force attack trying all password combinations.
