Introductory email content


This topic contains the latest content from the emails that we send out to new Kee Vault subscribers during the free trial period.

We think that receiving this information gradually throughout your trial period is more manageable for you and more likely to reinforce what you learn as you experience Kee Vault for the first couple of weeks, but we appreciate that you might prefer to grab a coffee and read through the whole lot in one go.

If you have not opted to receive these emails you can either expand the sections below to see all the content from every email OR change your account preferences after signing in to Kee Vault (Note that the emails may be delivered over a shorter period than if you opted-in immediately at registration time).

Introduction to Kee Vault

Thanks for trying out Kee Vault!

As requested, this is the first of a handful of introductory emails. Over the next two weeks we’ll send some more emails on the following topics:

  • Security
  • Customisation
  • Availability
  • Compatibility

To start with, here are a few general tips about using Kee Vault.

Browser extension

If you’re not already using the Kee browser extension for Firefox and Chrome, check it out - it enables automatic form filling and saving new logins right from the website you want to log in to. The Kee Vault app is designed to be easy to use even without the browser extension, but nothing beats the time saving that you’ll get from having your sign-in credentials for a website available as soon as you load the website.

Mozilla Firefox: https://addons.mozilla.org/firefox/addon/keefox/
Google Chrome: https://chrome.google.com/webstore/detail/kee/mmhlniccooihdimnnjhamobppdhaolme

Copy to clipboard

You’ve got a password stored in Kee Vault now but how do you get to it when you need to?

If the browser extension isn’t available for your preferred web browser or if you’re accessing your passwords on a mobile device, the easiest way is to copy the password into your system clipboard and then paste it into wherever it is required.

To copy the password (or any other entry field) you can click on the field name, in this case the word “Password”. The desktop keyboard shortcut “Ctrl + C” will also copy the password value to the clipboard if you prefer using a keyboard rather than a mouse.

Generate a password

Using the browser extension or the Kee Vault app, you can generate new random passwords that are highly secure. Let Kee Vault create and safely store a secure password for you so that you can avoid the risk of using similar passwords everywhere and avoid waiting for password reset emails when you forget.

Save/sync

When you click Save, your protected Vault gets saved to your local device first and then Kee Vault will save it to the Kee Vault secure cloud, ready for you to access it from any other device whenever you need it. Your Vault is always protected before leaving your device so even if someone maliciously accesses the Kee Vault servers, your private data is not at risk. We’ll explain a bit more about this protection in the 2nd introduction email in a few days’ time.


Kee Vault security

Security

Everything about Kee Vault is focussed on ensuring that you have simple access to the highest security. In this 2nd introductory email we’ll outline some of the tips and benefits that most impact the security of your Kee Vault.

Open source

We naturally strive to be trustworthy and believe that our experience, processes and quality software achieve this but our open source approach means that you don’t actually have to trust us in order to be confident in the security of your passwords!

All Kee Vault security software is open source because this is the only safe way to develop security software. You, or technically capable friends and family, can review the code that will interact with your secret passwords to verify that it really does what we claim it does; there’s no need to implicitly trust any companies or individuals, in contrast to most other commercial password managers and web browsers like Google Chrome.

You can read a bit more about this and access the source code via https://www.kee.pm/open-source

Malware

Having access to your passwords from any web browser is very convenient but just like with signing on to any other internet service, you should beware of the risk of malicious software running on the device that you sign in with.

Kee Vault, like other password managers, has a limited amount of protection against malicious software running on your device but, like all password managers, it is impossible to protect against most threats. Given the attractive nature of any collection of passwords, it is reasonable to assume that someone who wants to target your stored passwords will easily work around the limited protections that can be put into place.

To minimise your risk, try to avoid using untrusted (e.g. public) devices and keep your web browser and device up to date with the latest security updates.

AES-256 security

Kee Vault protects your passwords using Advanced Encryption Standard (AES / Rijndael). AES is a US federal government standard and is approved by the National Security Agency (NSA) for top secret information. We use a 256 bit key size. AES-256 is recommended for protecting secrets for around 50-100 years - essentially right up until the limit of anyone’s best predictions of future technology development. Of course, these predictions will be updated as these distant times get closer so we’ll be keeping up to date with new technology and research so that we can make changes in future to ensure your ongoing protection.

There are many details to ensuring the secure use of AES so the more technical among you might be interested in some of those details: we use CBC block cipher mode so plaintext patterns are concealed; an initialization vector (IV) is generated randomly each time the vault is saved so that multiple databases encrypted with the same master key cause no problems; the authenticity and integrity of the data is ensured using an HMAC-SHA-256 hash of the ciphertext (Encrypt-then-MAC scheme).
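The scheme described above, sketched in Node.js as an added example; it is not Kee Vault's code or its file format. The function names, the blob layout (IV, ciphertext, tag) and the sample keys and data are assumptions made for illustration.

```javascript
// Added illustration: not Kee Vault's code or its on-disk format.
const nodeCrypto = require("node:crypto");

// Encrypt with AES-256-CBC under a fresh random IV, then MAC the IV and ciphertext.
function sealVault(plaintext, encKey, macKey) {
  const iv = nodeCrypto.randomBytes(16); // new IV on every save
  const cipher = nodeCrypto.createCipheriv("aes-256-cbc", encKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = nodeCrypto.createHmac("sha256", macKey).update(iv).update(ciphertext).digest();
  return Buffer.concat([iv, ciphertext, tag]); // assumed layout: IV(16) | ciphertext | tag(32)
}

// Verify the HMAC first; decrypt only if it matches (Encrypt-then-MAC).
function openVault(blob, encKey, macKey) {
  if (blob.length < 16 + 16 + 32) throw new Error("blob too short");
  const iv = blob.subarray(0, 16);
  const ciphertext = blob.subarray(16, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  const expected = nodeCrypto.createHmac("sha256", macKey).update(iv).update(ciphertext).digest();
  if (!nodeCrypto.timingSafeEqual(tag, expected)) throw new Error("authentication failed");
  const decipher = nodeCrypto.createDecipheriv("aes-256-cbc", encKey, iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
}

// Constructed sample keys and data (a real vault derives its keys from the master password).
const encKey = nodeCrypto.randomBytes(32);
const macKey = nodeCrypto.randomBytes(32);
const sample = JSON.stringify({ title: "example.com", password: "constructed-sample" });

const first = sealVault(sample, encKey, macKey);
const second = sealVault(sample, encKey, macKey); // same data and keys, saved again

// Flip one ciphertext bit and confirm the blob is rejected before any decryption.
function tamperIsRejected(blob) {
  const copy = Buffer.from(blob);
  copy[20] ^= 0x01;
  try { openVault(copy, encKey, macKey); return false; }
  catch (e) { return e.message === "authentication failed"; }
}

console.log("round trip ok:", openVault(first, encKey, macKey) === sample);
console.log("same input, different blobs:", !first.equals(second));
console.log("tampering rejected:", tamperIsRejected(first));
```

Checking the tag before decrypting means a modified blob never reaches the CBC padding check, which is the reason to MAC the ciphertext rather than the plaintext.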

Argon2 security

Should your encrypted Vault become available to a malicious entity, it is important that they are not able to simply try all possible master passwords. With no further protection, an AES encrypted password store like Kee Vault can be attacked at a rate of over a billion guesses per second. Even with a strong master password, at this rate it is feasible that an attacker may get lucky, especially if they focus on variations and combinations of commonly used passwords.

A process called key stretching provides protection against this risk. This forces anyone that wants to open the database to spend extra effort on each guess. For you, a small delay while opening your Vault using the correct password is a minor (and sometimes invisible) inconvenience but for an attacker it significantly reduces the number of guesses that can be made before the contents within become so old that they are worthless to the attacker.

Until recently, a technique called PBKDF2 has been the recommended way to perform this key stretching. It is susceptible to attacks that use specialised computers or the general purpose graphics processors available in many affordable consumer computers. To protect against attacks using these easily-purchased computers, Kee Vault uses a newer technique called Argon2.

This technique is slower than PBKDF2 so the security delays when opening and saving your Vault are more likely to be perceivable, at least for the next year or two. We think this is a sensible trade-off in exchange for offering higher security than other password managers.


Customising Kee Vault

Customisation

Dislike light coloured backgrounds? Do you have the eyesight of a hawk or need a bit more help in that area? Is English not your native language?

Unless you answered no to all of those questions, you should take a look at the Kee Vault “General Settings” screen!

There you can switch to our dark theme, increase or decrease the text size or switch some of the application into another language.

We’re quite a long way from being able to offer the complete Kee Vault experience in multiple languages but some of the basic features are already available in French and German. The browser extension is also already available in many languages thanks to the much appreciated Open Source contributions of a team of translators. The browser extension language is automatically set based upon the language of your web browser but you can choose in which language to display the Kee Vault application.

You can configure a lot of other options too. Some apply to the Kee Vault application on a single device and others apply on all devices. Some settings that relate to the way the browser extension works are set from within the browser extension settings because they apply to any Vault (or KeePass database) that the extension can access.


Kee Vault availability and compatibility

In this Kee Vault introductory email we’ll cover some information and tips about ensuring you have access to your passwords whenever you need them.

Works offline

When disconnected or somewhere with an unreliable network, most online password managers stop working. With Kee Vault you can still access your passwords and other credentials (such as that long cryptic WiFi code to get reconnected!).

It might seem unbelievable but you really can load your internet browser and access Kee Vault even with your device in Aeroplane Mode - try it now! We haven’t been able to change the rules of Physics though, so you will need to be online for just the first time you load your Kee Vault on each of your devices.

Accessing Kee Vault from multiple devices improves availability when a device fails, even if this coincides with an internet failure so you have multiple ways to get to all your important passwords.

Offline modifications

Even rarer than offline access, Kee Vault allows you to make changes when offline!

Our advanced synchronisation support means that changes are automatically sent to your other devices once the device with changes comes back online. There is a rare case where multiple changes to the same entry from multiple offline devices can result in only some of the changes persisting. A pretty unusual situation for sure, but to be on the safe side we recommend following the simple rule to only make offline changes on one device at a time.

Stop emailing yourself passwords

Using email, post-it notes, text messages or unencrypted files to transfer passwords between devices is insecure. Because Kee Vault is available on all your modern computers, phones and other devices, you can keep your passwords safe and secure.

KeePass compatibility

Kee Vault uses the widest available Open Source password management storage format. It is highly secure and supported by dozens of other applications so if you ever need to end your subscription to Kee Vault, your data will be available in a secure format - no unprotected CSV exports like most password managers!

Kee Vault is always there for you on any modern device or web browser. If you need to use old systems from time to time, your vault is fully compatible with the 30+ KeePass Password Safe native applications, offering a greater range of platform support than any other web-based password manager. Simply save to a file and transfer it to the unsupported device. Note that changes you make to this exported file will not be applied to your online Kee Vault so we recommend treating such exported copies as “read only” to avoid surprises.


End of the beginning

This is the final introductory email about Kee Vault. We hope you’ve learnt something interesting over the last 10 days and will give serious consideration to continuing your subscription after your free trial ends soon.

Do your friends owe you a drink?

When an account is hacked, even on a seemingly “unimportant” website, criminals using your stolen data can often trick you and other people that know you into making mistakes that can compromise more important websites. This can lead to private information being made public or very significant financial losses and significant inconvenience.

By subscribing to Kee Vault and using it to protect your online accounts, you’re protecting your friends and family from this risk. So perhaps next time you see them, they should be buying you a drink or some cake to say thank you… it’s worth a try!

Individual password security

If you’re new to password managers you probably already have a lot of insecure and duplicated passwords in use at a lot of places. It’s daunting to upgrade them all to secure unique passwords managed by Kee Vault so why not schedule a short amount of time each week to start gradually improving their security? Start with your critical accounts like email and finances and work your way down to those niche discussion forums!

Once all your passwords are secure and unique, you’ll be safer than most people and can relax! However, to protect against undiscovered security breaches on each website or app, you might still want to consider changing the individual passwords every 5-25 years, depending on how critical the service is to your life.

The Kee Vault entry history feature will let you see how long ago you changed the password and we’ll be developing a variety of features to ease the process of changing passwords in the coming years so there should be more news on this topic before those 5 years are up.

Feedback

If you have any feedback, thoughts or ideas about Kee Vault or these introductory emails in particular, please sign up to our community discussion forum ( https://forum.kee.pm ) to join in with or start a discussion. We’re looking forward to hearing what we can improve and what we should keep doing. If you ever need to get in touch about something specific to your account just sign in to Kee Vault and send us a secure message. To keep your account secure, we can’t respond via email, phone or snail mail.

Thanks for reading!


Changes

We will update the contents of these emails from time to time but you do not need to keep coming back to them once you have read them the first time - we will make sure any important changes are communicated in other ways too.