Security

We use the highest levels of privacy and security.

Introduction

Intuitive Password users trust us with millions of their passwords, secret notes, bank details and personal information. That trust is based upon us keeping that data both private and secure. The information on this page is intended to provide transparency about how we protect that data. We will continue to expand and update this information as we add new security capabilities and make security improvements to our products.

About the team

Intuitive Security Systems Pty Ltd is an Australian password management company located in Melbourne. Our engineering team is highly skilled in and dedicated to web application development, data security and protection against potential vulnerabilities. Our objectives are to design and implement reliable web applications, provide timely and accurate product support and safeguard our customers' data.

Network security

The hosting environment of Intuitive Password supports a robust antivirus regime with regular updates and constant scanning. All customer data is stored behind several layers of firewalls to prevent access to the data from the Internet. Access to the database is strictly controlled by application certificates. We limit who has access to our production infrastructure based on business need and strongly authenticate that access.

We protect our service against distributed denial of service (DDoS) attacks using an on-demand mitigation service, and we have engaged a real-time malware scanning service to ensure that our servers are malware-free.

Account security

Intuitive Password never stores your password in plaintext. When we need to securely store your account password to authenticate you, we use PBKDF2 with a unique salt for each credential. We select the number of hashing iterations (10,000+ rounds) in a way that strikes a balance between user experience and password cracking complexity.
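The scheme described above, shown as an added example (not Intuitive Password's code): PBKDF2 with a fresh salt per credential, with the iteration count stored beside the hash so that it can be raised later. HMAC-SHA-256, the 16-byte salt and the record layout are assumptions; the page states only PBKDF2, a unique salt and 10,000+ iterations.

```python
import hashlib
import hmac
import secrets

# Assumptions (not stated on the page): HMAC-SHA-256 as the PRF, a 16-byte
# salt, and the "scheme$iterations$salt$hash" record layout used here.
MIN_ITERATIONS = 10_000  # the page's stated floor ("10,000+")
SALT_BYTES = 16


def hash_password(password: str, iterations: int = MIN_ITERATIONS) -> str:
    """Derive a storable record using a fresh random salt for this credential."""
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below policy floor")
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def _parse(record: str):
    """Split a stored record; raises ValueError on any malformed field."""
    scheme, iters, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unknown scheme")
    return int(iters), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False  # malformed record never authenticates
    if iterations < 1 or not expected:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, target_iterations: int) -> bool:
    """True when the record was stored with fewer rounds than current policy."""
    iterations, _, _ = _parse(record)
    return iterations < target_iterations
```

Because the plaintext is only available at login, a record flagged by `needs_rehash` is re-derived with `hash_password` immediately after a successful `verify_password`.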

Intuitive Password doesn't require you to set a complex password, but our password strength indicator will encourage you to choose a strong one. Intuitive Password limits failed login attempts on both a per-account and a per-geolocation basis to slow down password guessing attacks.

Intuitive Password provides two-factor authentication (2FA), also known as two-step verification (2SV), for all premium accounts. Our two-factor authentication mechanism is based on a time-based one-time password algorithm (TOTP) and a messaging-based one-time password algorithm (SMS). All premium users can generate codes locally using an application on their mobile device, or choose to have the codes delivered as a text message.

Web application security

Securing our web-based applications is critically important to protecting your data. Our security team drives an application security program to improve code security hygiene and periodically assess our service for common application security issues including: cross-site request forgery (CSRF), cross-site scripting (XSS), SQL injection attacks, session management, URL redirection, and clickjacking.

All of the information that you store in your Intuitive Password account is encrypted locally. This means that your personal data is never transmitted without being fully secured, and attackers never have access to your passwords, banking details, secret notes or any other part of your sensitive data.

Physical security

Intuitive Password stores your encrypted data at one of our enterprise-grade data centers. These data centers are staffed and monitored 24x7x365. Any visitor to the data centers must be authorised, and further authorization is required to access areas with servers, workstations, or networking equipment. As part of the strict visitor access controls, a visitor log is kept to maintain a physical audit trail of visitor activity.

All Intuitive Password data resides inside Australia. Our primary and backup data centers are located in Melbourne and Sydney.

Transport layer security

Intuitive Password uses Secure Sockets Layer (SSL) technology to provide you with the safest, most secure user experience possible. SSL technology enables encryption (scrambling) of sensitive information, including passwords and credit card numbers, during your online transactions. All of the forms on our site are secured with SSL technology so your personal information stays safe and out of malicious hands.

We support a mix of cipher suites and Transport Layer Security (TLS) protocols to provide a balance of strong encryption for browsers and clients that support it and backward compatibility for legacy clients that need it. We plan to continue improving our transport security posture to support our commitment to protecting your data.

Transmission of payment card details

When purchasing from intuitivepassword.com, your financial details are passed through a secure server using the latest 256-bit SSL encryption technology. We use PayPal (www.paypal.com), Alipay (global.alipay.com) and Stripe Payment Gateway (www.stripe.com) for our data collection. SSL technology with 256-bit encryption protects the security of your online order information. When you place an order online and provide your credit card number, SSL encrypts all personal information including your card number, name and address. With this encryption, only we have the ability to decode your information.

Data Destruction

Intuitive Password retains all your data unless you take explicit steps to delete it. Deactivating an Intuitive Password account or revoking access to an account does not automatically remove its data. You can easily delete your Password Items or secret notes from the Intuitive Password platform. When a Password Item is deleted, all references and connections to the data in that Password Item are removed from our databases.

Security audits, scanning and testing

Intuitive Password is tested daily by Symantec Norton Secured, SiteLock and GeoTrust to ensure that the Intuitive Password web application is secure from known remote exploits, vulnerabilities and denial-of-service attacks. All the security badges may be found on IntuitivePassword.com to verify daily testing of our websites and web applications.

The Intuitive Password websites and web applications run on secure Amazon Web Services (AWS) cloud computing infrastructure. The AWS cloud infrastructure which hosts Intuitive Password systems has been certified to meet the following third-party attestations, reports and certifications: CDSA, CJIS, CSACCM, FedRAMP, FERPA, FIPS 140-2, HIPAA / HITECH, IRAP, ISO/IEC 27001/27002:2013, ISO/IEC 27018, MLPS, MTCS SS, NZ GCIO, PCI DSS Level 1, SOC 1 Type 2 and SOC 2 Type 2, TCS CCCPPF and UK G-Cloud.

High Availability

We back up all customer content at least twice daily and replicate those backups to our backup data center via a private and secure network connection. This process ensures that we can recover from a complete site failure in our primary data center. We do not utilize any removable media for backups. We operate a fault tolerant system and network architecture to ensure that Intuitive Password is there when you need it, wherever you may be. This includes:

Diverse and redundant Internet connections.

Redundant network infrastructure including switches, routers, load balancers, and firewalls.

Scalable system architecture built using a large number of independently operating shards, each servicing a small slice of our user base.

Shards architected as pairs of redundant servers, providing hot standby capabilities should a single server fail.

Servers engineered with redundant power, redundant network hardware, and storage deployed in a RAID configuration.

Our colocation vendor provides fault tolerant facility services including power, HVAC, and fire suppression.

Information security and compliance

Click on the icon "Trustwave Trusted Commerce Seal" at the bottom of the page for details regarding the Trustwave compliance and security services provided to Intuitive Password. Intuitive Password servers are protected by industry standard firewalls, which are designed to keep information secure and inaccessible to other Internet users. So you're absolutely safe with your data and online payment. SSL technology, Trustwave, and industry standard firewalls all work together to ensure your privacy and to assist in protecting your confidential data.

Please see our Privacy Statement for information about our privacy compliance.