You heard many bugs of open-source apps are found and exploited recently? Don’t worry about your accounts on our platform.
With the rapid growth of users, we are trying to provide a better experience. Coming together with it is security. As we know, numerous safety issues are found on the whole Internet recently. Therefore, tech companies are improving their system stability and keeping their database away from being stolen. So are we.
We have already built a robust platform. To let it be even better, the following security improvements have been established, or are going to be established, by the end of this April:
- 100% Coverage of HTTPS with TLS 1.2 (done)
Even you are using a Wi-Fi network without any encryption, certificates prevent contents from being distorted.
Do you notice the green lock icon on the left top corner of your browser? It’s the symbol of security. - Double Handshaking Checks in Tunnel Network (done)
Now our server arrays check every client package twice, right from your computer, our CDN center, to our core servers, which is known as “Point-to-Point Encryption”. This method effectively upgrades your experience when having access to our services.
You may continue using the existing OVPN profile. Our client daemon will update the profile automatically. - Two-factor Verification (done)
This procedure gives you two-factor authentication. Even your password is lost or cracked, using an One Time Password prevents hacker from logging into your popowayCloud account without authorization. You may already see this scenario on the right:
This is NOT compulsory, however we strongly recommend you to turn it on. Simply launch your popowayCloud app and go to Settings —> Security —> Two-factor Verification —> Turn on, then follow instructions on the screen. (Or click compopowaycloud://settings/otp/settings.activity/. Alternatively, you may use a compatible authenticator app such as Google Authenticator.) - HTTP Strict Transport Security (HSTS) (ETA: April 30)
HTTP Strict Transport Security (HSTS, RFC 6797) is a header which allows a website to specify and enforce security policy in client web browsers. This policy enforcement protects secure websites from downgrade attacks, SSL stripping, and cookie hijacking. It allows a web server to declare a policy that browsers will only connect using secure HTTPS connections, and ensures end users do not “click through” critical security warnings. HSTS is an important security mechanism for high security websites.
It’s still experimental. Please allow us release this function a bit later in order to provide a more smooth transition. - SHA-256 for popowayCloud Passbase hash (ETA: April 16)
SHA-256 is a 256-bit cryptographically secure one-way hash function. Your master password is hashed using this algorithm and its output is used as key for the encryption algorithms. In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.
We are going to release it, in addition to other significant security improvements such as Live Memory Protection, with the update of popowayCloud Passbase, which will be deployed in the middle of April.
By the way, we are testing a new project, an internal URL shortening service. If you are interested, welcome to try with us!
Customers’ safety of information is always our first concern.
popowayCloud Team