Money Toolkit is a smartphone app that can alert you to your balances and transactions across multiple accounts.
I was reading their site and wondering whether their practices are as secure as they claim to be.
From their page link, these paragraphs are of interest:
Only you and your bank can get at your bank security answers, they are securely encrypted on your phone. In fact once you have entered them on your phone, not even you can see them, they are stored in Money Toolkit's 128 bit AES encrypted safe, using your password as a key, and your password is stored in a way that is almost impossible* to be decoded (using SHA-256).
But then comes the really clever bit. We actually don't store the whole encrypted file on your phone. We split the file into three parts, only one is stored on your phone, the other two parts are sent to two different servers somewhere in the UK. Each part is totally useless without the other two parts. So if anyone finds or steals your phone – it is literally impossible for them to recover your secure details. Similarly if anyone manages to breach our military grade security on our servers they will still be completely unable to recover your secure details, unless they also have your phone.
The advantage of this system is that it makes it literally impossible for anyone who has physical access to your phone (through theft, or otherwise) to recover any of your secure data from the phone. Not only would someone have to get access to your phone they would have to go to the same lengths as they would if they wanted to ‘hack’ into a bank, but they would have to do it three times!
On their page link:
- We use SSL for all our communication over HTTP – between our apps and servers and between servers. Our traffic can not be eavesdropped.
- All other administration communication is done via SSH.
- Passwords are never stored – we always use SHA hashed passwords with heavy and dynamic salting.
- All other data is encrypted on our servers, using AES.
- The data centers we use are accredited to ISAE 3402
- A lot of our service runs on Google App Engine who have an exemplary security record… 24 hour guarded data centers, airlock entry, NO security breach ever and more… more info.
- We are a small company, and every employee or contractor is well known, and follows the best security practices. No customer data is ever allowed on individual storage devices, so can never leave the data center.
- All of our systems and servers are regularly patched and hardened, no personal data is ever stored in any logs.
- Our development and deployment process is strictly controlled with a continuous integration server running a battery of tests, not just for reliability, but for security as well.
This page also includes all the technical details of their method:
Are there flaws in this design? Any weak points? Can they be trusted with my bank details?
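The scheme the quoted passages describe (password hashed with SHA-256 and used as the AES-128 key, the encrypted file split into one phone part and two server parts that are each useless alone), written out as an added Go example that is not Money Toolkit's code. The CTR mode, the truncation of the hash to 16 bytes and the 3-of-3 XOR split are assumptions, because the page does not say how the key is derived or how the file is split.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
)

// keyFromPassword: the page says the password is the key and mentions SHA-256. Assumption:
// hash the password with SHA-256 and keep the first 16 bytes as the AES-128 key.
func keyFromPassword(password string) []byte {
	sum := sha256.Sum256([]byte(password))
	return sum[:16]
}
// ctrCrypt runs AES-128-CTR under the password-derived key (mode is an assumption). One call both encrypts and decrypts.
func ctrCrypt(password string, nonce, data []byte) []byte {
	block, err := aes.NewCipher(keyFromPassword(password))
	if err != nil {
		panic(err) // unreachable: the key is always 16 bytes
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, nonce).XORKeyStream(out, data)
	return out
}
// protect encrypts the answers as nonce || ciphertext and splits the result into three parts (phone,
// server A, server B). Assumption: 3-of-3 XOR sharing, so any single part on its own is uniformly random.
func protect(password string, answers []byte) [3][]byte {
	n := aes.BlockSize + len(answers)    // length of nonce || ciphertext
	r := make([]byte, aes.BlockSize+2*n) // one CSPRNG draw: nonce plus two random parts
	if _, err := rand.Read(r); err != nil {
		panic(err) // a failing CSPRNG is not recoverable in this demo
	}
	nonce := r[:aes.BlockSize]
	sealed := append(append([]byte{}, nonce...), ctrCrypt(password, nonce, answers)...)
	p := [3][]byte{r[aes.BlockSize : aes.BlockSize+n], r[aes.BlockSize+n:], make([]byte, n)}
	for i := range sealed {
		p[2][i] = sealed[i] ^ p[0][i] ^ p[1][i]
	}
	return p
}

// restore rejoins the three parts and decrypts; a wrong password silently yields garbage.
func restore(password string, p [3][]byte) []byte {
	sealed := make([]byte, len(p[0]))
	for i := range sealed {
		sealed[i] = p[0][i] ^ p[1][i] ^ p[2][i]
	}
	return ctrCrypt(password, sealed[:aes.BlockSize], sealed[aes.BlockSize:])
}
```

Note that CTR mode on its own gives no integrity check, so the caller learns nothing if the password or a part is wrong; the page does not say whether the real app authenticates the file.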