Security
AES-256 Encryption
Each user account within BeanLogin is associated with a unique account key that is used to encrypt the data.
Customer Master Key
Each user’s account key is encrypted using a customer-specific master key, which is stored separately from the database.
Key Rotation
Customer-specific master keys are rotated once every 3 months and the old keys are archived for a period of 6 months.
![](https://www.beanlogin.com/wp-content/uploads/2018/11/password_manager.png)
User Data Transport
Encrypted user data will be synced across the user’s trusted devices through a secure channel (TLS).
Public Key Cryptography
On trusted devices, data encryption/decryption will happen locally using the user’s private key, which is never known to BeanLogin.
Shared Keys
Each shared item is encrypted using a unique Shared Key, which is encrypted using the respective shared user’s public key. The shared key can be decrypted on the device locally using the user’s own private key.
![](https://www.beanlogin.com/wp-content/uploads/2018/11/app-marketing-icon-05-6.png)
Multi-Factor Authentication
Offers a variety of 2-factor options to protect your portal as well as web apps within your organization
![](https://www.beanlogin.com/wp-content/uploads/2018/11/app-marketing-icon-04-6.png)
Fingerprint
Supports TouchID authentication and pattern recognition (Android devices)
![](https://www.beanlogin.com/wp-content/uploads/2018/11/app-marketing-icon-07-6.png)
Device Registration
New devices go through a risk assessment before getting registered
![](https://www.beanlogin.com/wp-content/uploads/2018/11/app-marketing-icon-08-6.png)
Secure Sharing
Sharing data with people you know using public key cryptography
![](https://www.beanlogin.com/wp-content/uploads/2018/11/app-marketing-icon-06-6.png)
Kill Switch
Wipe out all of your passwords and notes from BeanLogin using our Kill Switch
![](https://www.beanlogin.com/wp-content/uploads/2018/11/app-marketing-icon-10-6.png)
Advanced Encryption
Advanced encryption that encrypts data using keys derived from user’s password