Security

HOME / Security

Namárië’s Security

Introduction

As we provide a service which will contain sensitive information, we are very keen on security. Therefore, we want to tell you a bit about the why and how of our security measures and how you can help us to keep your information safe.

Namárië is founded on premises which highly value privacy, and see it as a human right. Therefore we will do everything within our power to keep your information private and secure.

Encryption

Your messages and files are encrypted with the AES-256 algorithm. This algorithm has no practical attacks at this moment, attacks are only theoretical which take millions of years on current and known future hardware (including quantum computers) for an attack.

Your password is one-way encrypted, meaning it cannot be decrypted. It's also salted with a per user randomised salt, providing an extra protection against attacks.

The connection between your computer and the website is also encrypted via a TLS (successor of SSL) connection.

Password

To keep your data safe, to get the encryption to work, a password is needed. Passwords need to be strong to be safe. Therefore, we provide you with a secure password at signing up. You can change it into something else, be aware that the password is the key to your information.

A secure password is at least 12 characters long, contains regular and capital letters, numbers and special characters.

We understand such passwords are difficult to remember. Therefore we advise to use a password manager. With a password manager you only need to remember one strong password to unlock all your passwords. Make that master password really strong by making it at least 20 characters. Don't write it down, remember it, imagine singing it, make a story of it.

With your password manager, that's the only password you need to know. You can forget all your other passwords once you entered them in your manager. You don't even have to see your new passwords.

Examples of password managers are:
Keepass
Lastpass
1password

There are more password managers of course. Some of them are online, in the cloud even, please be aware that these may be less secure because of their online component which makes them more vulnerable to attacks.

Two factor authentication

On top of the password, we have another security measure to be really sure it's you who is logging in. It's called two-factor authentication and it exists of a code sent via SMS to your phone every time you want to log in.

Your password is something you know, your phone is something you possess, together they make it a more secure confirmation that you are the one who is logging in than each on its own. The sent code is different every time.

To enable two-factor authentication, we need your phone number. As we said before, we respect your privacy. We only use your phone number to send you the security SMS if that is the only feature you enabled. There are more features on our service that need your phone number but you can enable or disable them each separately. And if you don't want to use any of those features, you simply remove your phone number from your profile. Once it's removed from your profile, we don't have it anymore.