As our own policy explains, we collect as little information about you – whether you are a visitor to our website, a Blur free user or a paying customer – as we can manage. But privacy is about more than what data we have: it also depends on how we protect that data.
It’s for this reason that we take security very seriously. What do we do specifically?
- Heavy-duty encryption
We use the gold standard for commercial encryption: AES-256. The “256” refers to the number of bits – i.e., the 0s and 1s in binary code – that the encryption key contains.
AES-256 is very hard to crack. As this Reddit post explains, it would take longer than the universe has existed to break a 256-bit password using conventional processing methods.
- Host-proof hosting
Sounds counterintuitive, right? As odd as the term may be, host-proof hosting is, like AES-256, a best practice in online data storage.
A corollary to strong encryption, host-proof hosting encrypts data on a user’s device before it is uploaded to a company’s servers via the internet. The encryption happens with a special key that belongs exclusively to the user, which means that only he or she can decrypt it on his or her device.
The upshot: the private data you save in your Blur account is fully encrypted, and we can’t ever see it.
- Your backup passphrase
Host-proof hosting involves a type of private key that is invisible to you, the user. You also have a viewable key that can unlock your account, should you forget your password – it’s called a backup passphrase.
You can find it in the Blur Dashboard > Settings > Account Settings > the “View” link in the “Backup Passphrase” row.
Ordinarily, you won’t need to enter your backup passphrase. But if you forget your password, it’s the only way we can verify that your account belongs to you. So be sure to write it down!
Why is a backup passphrase safer than a conventional “forgot password” link? Typically, clicking “forgot password” will email you a new password. But consider the possibility that someone gains control of your email account. That person could then reset your Blur password and gain access to the highly sensitive information you’ve stored with Blur. We simply can’t take that chance, so we don’t offer a password-reset option.
Check back soon for Part II of this series to learn how you can make your account even more secure!