Data safety

Updated 1 month ago by Stan

Multilogin takes your security very seriously. Losing control over our clients’ profiles would be the worst failure that could ever happen to us. That is why we have a paranoid-level security system in place. This article gives you an insight into how it works.

We don’t know your password

How do you start using Multilogin safely? Create a user account and set a master password of at least 16 characters, composed of random numbers and letters, for example “Rlvy71kswtWMjxcEFsNS”. Rest assured that your account password, or, as we call it, the “master password”, is never transmitted to our servers in plain text. We use a hash function, which transforms your data into an unrecognizable form. Here is what Wikipedia says about it:

“a cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone”

Let’s get back to our example. After applying the MD5 hash function, your password will turn into something like this: “49f9173e04ab6a708adc7fad26897074”. Nothing like the original variant, huh?

So this is where a meticulous reader may leap up and ask: how do you check my password when I log into Multilogin if you don’t know it? The answer is really easy. The moment you type in your password, it is hashed with MD5. However, that’s not all. The hashed password is sent to our server and is hashed once more (this time, with SHA-2). As a result, your password transforms into something like this: “f2205505e129ce8ce5f22d524e56f2d4339bc8b312896480d5d6a55cae878de7”.

Well, now it looks completely unrecognizable. And so it is, because hashing makes it impossible to re-create the original password: we can only see its derivative. The derivative is stored in our database as your master password. So rest easy on that score: NOBODY but you can know your master password.
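
The login flow described above, as an added Python example that is not Multilogin's own code: the client sends an MD5 digest, and the server stores and compares a SHA-2 derivative of it. It assumes SHA-256 (matching the 64-character value shown above), UTF-8 and hex encoding, and no salt, since the article mentions none; `AccountStore` and the user name are hypothetical.

```python
import hashlib
import hmac


def client_digest(master_password: str) -> str:
    """Client side: MD5 the master password; only this hex digest leaves the device."""
    return hashlib.md5(master_password.encode("utf-8")).hexdigest()


def server_derivative(received_digest: str) -> str:
    """Server side: hash the received digest again with SHA-256 (a SHA-2 function)."""
    return hashlib.sha256(received_digest.encode("ascii")).hexdigest()


class AccountStore:
    """Hypothetical in-memory stand-in for the server-side user database."""

    def __init__(self) -> None:
        self._derivatives: dict[str, str] = {}

    def register(self, user: str, received_digest: str) -> None:
        # Only the SHA-256 derivative is persisted, never the password or the MD5.
        self._derivatives[user] = server_derivative(received_digest)

    def stored_value(self, user: str) -> str:
        return self._derivatives[user]

    def verify(self, user: str, received_digest: str) -> bool:
        stored = self._derivatives.get(user)
        if stored is None:
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(stored, server_derivative(received_digest))


if __name__ == "__main__":
    password = "Rlvy71kswtWMjxcEFsNS"  # the sample password from the article
    store = AccountStore()
    store.register("alice", client_digest(password))  # "alice" is a constructed user
    print("sent by client  :", client_digest(password))
    print("stored on server:", store.stored_value("alice"))
    # The server sees only the MD5 digest, so in this model that digest is what
    # authenticates the user and needs the same protection in transit as a password.
    print("correct password:", store.verify("alice", client_digest(password)))
    print("wrong password  :", store.verify("alice", client_digest("not-the-password")))
```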

Let’s sum up the way your master password is handled in Multilogin. Just have a look at the following scheme:


Account passwords are also top secret

Now that you know what happens with your master password, let’s take a closer look at how we work with your account data. As you may already know, in Multilogin you only have to log into websites once, so that every time you launch a saved session, you continue from where you left off. What does Multilogin actually do?

When you open a website for the first time and log into it, the website sends a so-called “cookie” file to your browser. This cookie file doesn’t have any passwords in it. Instead, it has a unique session identifier. Next time you open the same website, it reads your session ID from a cookie file and logs you in automatically. It is really convenient!

This is where Multilogin comes into action: it “snatches” the cookie file and saves it to a cloud server. This way, you can run Multilogin on any device and also share your account access with virtual assistants without revealing the actual password. However, you should note that saving a cookie file in its original form is not safe. If a hacker gets access to our cloud server, he or she can download all cookies and access your websites anytime, until the cookies expire. But Multilogin is a smart program, so it encrypts every session separately with your master password before sending the cookies to the cloud storage. The AES cipher is used for cookie encryption: it transforms your cookie file into a long string of what seems like total gibberish, thus making your data safe.

Here’s what Wikipedia writes about it:

“AES became effective as a federal government standard on May 26, 2002 after approval by the Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many different encryption packages, and is the first (and only) publicly accessible cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module (see Security of AES, below).”

This is how your data is stored in our database:

Let’s sum up how your private info is stored in cloud storage. Have a look at the following scheme:

We are safer than your bank!

We wanted to make sure that Multilogin is 100% secure in storing user data. That is why we hired true software gurus with over 8 years in web development, including 3 years in internet banking security systems.

If you don’t trust Multilogin to save your data, why should you trust your internet bank?
