Q: Why not share a password via a Password Manager?

Answer

Password managers and many other password-sharing tools rely on storing one part of the cryptographic data on the server and the other part in the shared code or web link. The security model these tools assume therefore depends on the following conditions:

  • No party except the legitimate receiving party can collect these two parts, neither immediately nor at any future time.
  • The server is not compromised between the time the share is created and the time that the share is retrieved.
  • The server guarantees deletion of the stored part after the transfer has completed.
  • The web page opened by the web link does not have a JavaScript backdoor.
  • The devices used by the sender and the recipient are not compromised.

These requirements are difficult to satisfy. Information is backed up in the cloud and rarely truly gets deleted. A persistent attacking party can collect web links from email and the other data from compromised servers.
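
The two-part model and its deletion condition, as an added Node.js sketch (not code from Crosspass or from any password manager). The `ShareServer` class, the `share.example` link format and the use of AES-256-GCM are assumptions made for illustration, and the sample secret is constructed.

```javascript
const nodeCrypto = require("node:crypto");

// Hypothetical sharing server: a live store plus a backup copy written at upload time.
class ShareServer {
  constructor() { this.live = new Map(); this.backup = new Map(); }
  put(id, blob) { this.live.set(id, blob); this.backup.set(id, blob); }
  get(id) { return this.live.get(id); }
  deleteAfterTransfer(id) { this.live.delete(id); } // the backup copy is not touched
}

// Sender: the ciphertext goes to the server, the key travels only in the link fragment.
function createShare(server, secret) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(secret, "utf8"), cipher.final()]);
  const id = nodeCrypto.randomBytes(8).toString("hex");
  server.put(id, { iv, ct, tag: cipher.getAuthTag() });
  return `https://share.example/s/${id}#${key.toString("base64url")}`;
}

const shareId = (link) => new URL(link).pathname.split("/").pop();

// Decryption needs both parts and nothing else: it cannot tell who is holding them.
function openShare(link, lookup) {
  const blob = lookup(shareId(link));
  if (!blob) return null; // server part unavailable
  const key = Buffer.from(new URL(link).hash.slice(1), "base64url");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString("utf8");
}

// Walk through the lifecycle and report which holders of the link recover the secret.
function demo() {
  const server = new ShareServer();
  const link = createShare(server, "constructed-sample-secret");
  const recipient = openShare(link, (id) => server.get(id));
  server.deleteAfterTransfer(shareId(link));
  const afterDelete = openShare(link, (id) => server.get(id));        // live store is empty
  const fromBackup = openShare(link, (id) => server.backup.get(id));  // retained copy still decrypts
  return { recipient, afterDelete, fromBackup };
}

console.log(demo());
```

The `fromBackup` result is the case the deletion condition is meant to rule out: the link archived in email and a retained server copy are together sufficient, long after the transfer.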

In contrast, the security model of Crosspass is:

  • The recipient will be able to use the PIN ahead of anyone else.
  • The devices used by the sender and the recipient are not compromised.

These conditions are easier to satisfy; therefore, Crosspass is more secure.
