Data safety

Updated 4 months ago by Yelena

Related articles

Multilogin takes data safety very seriously. Losing control over user data would be the ultimate failure that could ever happen to us. That is why we have a paranoid-level security system in place. This article will give you an insight into how it works.

We don’t know your password

How to start using Multilogin safely? Create a user account and set a strong password.

We recommend using at least 16 characters, composed of random numbers and letters.

Let's take this password as an example: Rlvy71kswtWMjxcEFsNS

Rest assured that your account password is never transmitted to our servers in plain text. We use hash functioning, which means transforming your data unrecognizably. Look what Wikipedia says about it:

A cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone.

After applying the md5 hash function, an example password will turn into this: 9f9173e04ab6a708adc7fad26897074

Looks nothing like the original, huh? So this is where a meticulous reader may leap up and ask: how do you check my password when I log into Multilogin if you don’t know it? The answer is really easy. The second you typed in your password, it’s changed using the md5 hash. However, that’s not all. The encrypted password gets to our server and is additionally modified (this time, with the SHA-2 hash). As a result, your password transforms into the following format: f2205505e129ce8ce5f22d524e56f2d4339bc8b312896480d5d6a55cae878de7

Well, now it looks completely unrecognizable. And so it is because hash functioning makes it impossible to re-create the original password – we can only see its derivative. The derivative is stored in our database as your master password. So make yourself easy on that score, nobody but you knows your password.

Let’s sum up the way your master password is handled in Multilogin. Just have a look at the following scheme: 

Account passwords are also top secret

Now, when you know what happens with your master password, let’s take a closer look at how we work with your account data. As you may already know, in Multilogin you only have to log into websites once, so that every time you launch a saved session, you continue from where you have left. What does Multilogin actually do?

When you open a website for the first time and log into it, the website sends a so-called “cookie” file to your browser. This cookie file doesn’t have any passwords in it. Instead, it has a unique session identifier. Next time you open the same website, it reads your session ID from a cookie file and logs you in automatically. It is really convenient!

This is where Multilogin comes into action – it “snatches” the cookie file and saves into a cloud server. This way, you can run Multilogin on any device and also share your account access to virtual assistants without revealing the actual password. However, you should note that saving a cookie file in its original form is not safe. If a hacker gets access to our cloud server, he or she can download all cookies and access your websites anytime, until the cookies expire. But Multilogin is a smart program, so it encrypts every session separately with your master password before sending the cookies into the cloud storage. AES cipher is used for cookie encryption – it transforms your cookie file into a long string of what seems like total gibberish, thus making your data safe.

Here’s what Wikipedia writes about it:

AES became effective as a federal government standard on May 26, 2002 after approval by the Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many different encryption packages, and is the first (and only) publicly accessible cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module”(see Security of AES, below).

This is how your data is stored in our database:

Let’s sum up how your private info is stored at cloud storage. Have a look at the following scheme:

Your data is deleted after termination

Our commitment to your data security extends even past the lifetime of your account. If you do decide to stop using our application, we will delete your data 3 months after the subscription is terminated.

You will receive several email reminders before your data is completely deleted.

We are safer than your bank!

We wanted to make sure that Multilogin is 100% secure in storing user data. That is why we hired true software gurus with over 8 years in web development, including 3 years in internet banking security systems.

If you don’t trust Multilogin to save your data, why should you trust your internet bank?

Video on the topic

Check out our latest news, research, and tutorials

Has your issue been resolved?