SplashID Safe Security Features – Application, Network, and Data Protection

SplashID Safe Security FAQs

We value our customers' trust in keeping their data secure with SplashID Safe. Below are details on how we protect your information at multiple levels.

Application Security

SplashID Safe applications comply with OWASP TOP 10, SANS TOP 25, and CWE industry standards. Our developers are security-trained and follow a strict checklist that must be verified before every update or release.

We use tools such as Netsparker, Burpsuite, Acunetix, and manual exploit testing to ensure that no vulnerabilities are missed. Security is a top priority, with a focus on preventing cross-data leakage, maintaining privacy, and ensuring strong application security.

Additional controls such as dual authentication, secret keys, and user role mapping are integrated at both the application and server levels. Every version of SplashID Safe is tested periodically and whenever code changes are made.

Network Security

All requests within SplashID Safe are encrypted using 256-bit SSL connections. Each record is encrypted at both the transport and application layers. Our dedicated security team runs regular scans using Nessus, Qualys, and NMAP to identify and address any network vulnerabilities.

Server Security

SplashID Safe servers are hosted on Rackspace with a multi-tier architecture. They are security-hardened, regularly scanned for malware and rootkits, and kept up to date with patches. Daily backups ensure data reliability.

Advanced Security Features

Local Only Records
Cloud Services users can mark any record as Local Only. This ensures the record stays on a chosen device and does not sync to the cloud. If the record already exists on other devices or the web app, it will be removed from those locations. Users can undo the Local Only setting anytime, allowing the record to sync back to the cloud and other devices.

2-Factor Authentication
2FA adds an extra layer of protection to SplashID Safe accounts. When logging in from a new device, desktop, or browser, an additional code is required to confirm authorization. Once confirmed, the device or browser will no longer require the code for future logins.

Secure Sharing
Users can share SplashID records securely with anyone, whether they use SplashID Safe or not. Shared records are sent via a secure link that is valid for 24 hours and deleted after being viewed. Records are password-protected, and users may choose whether to include the password in the email or share it verbally for added security.

Security Team Hall of Fame

Our mission is to keep customer data private and secure. Security is an ongoing process, and we continuously evolve to counter new threats. We appreciate all feedback and reports of security concerns.

If you believe you have found a potential issue, please email us with as much detail as possible. Once validated, we will implement a fix and thank you for your assistance, including public recognition if desired.

We would like to thank the following security experts who have contributed to improving SplashID Safe’s security:

Agastya Rudroj, Aleksandr Vasilyev, Anagha, Andrea Possemato, Atulkumar Hariba Shedage, Bhaskar Borman, Blessen Thomas, Chandroliya Ravi, Clifford Trigo, Danish Tariq, Devesh Bhatt, Garry D. Bacalso, Ghanashyam Sreehari, Gineesh George, Hakimuddin Gheewala, Hardik Parekh, Hardik Tailor, Hari Krishnan, Inaki Rodriguez, Jatin Mangani, Jay Vardhan, Jeevan Dahake, Kamal Singh, Kamil Sevi, Karthickumar Ramanathapuram, Kesav Viswanath, Kiran Karnad, Lalit Kumar, Le FeOx, Lyon Yang, Manish Bhattacharya, Manish Kumar, Mathias Karlsson, Maulik Shah, Meris Bihorac, Michael Smith, Mihir Mistry, Monendra Sahu, Muhammad Talha Khan, Muhammad Waqar, Nailo Mimo, Nakul Mohan, Nilesh K, Nitin Goplani, Osama Ansari, Osama Mahmood, Osanda Malith Jayathissa, Paras Pilani, Parichay Rai, Paul Seekamp, Prayas Kulshrestha, Rafael Pablos, Ranjan Kathuria, Ravindra Singh Rathore, S Venkatesh, Sachin Kediyal, Salman Khan, Sander Van der Borght, Shpend Kurtishaj, Shubham Gupta, Siddhesh Gawde, Sriram Shyam, Stefano Ivan Stinga, Surya Subhash, Swapnil A. Thaware, Tony Trummer, Vinoth Kumar, Vishal Sonar.

    • Related Articles

    • SplashID Safe 8 - Using the security dashboard

      With data breaches and hacking incidents happening every day, it’s more important than ever to secure your passwords. Ideally, you should regularly review your SplashID records, change old or weak passwords, and avoid using the same password across ...
    • Forgot SplashID Safe 8.x account password

      If you forget or misplace your SplashID Safe 8.x password and enter the wrong password 10 times, your account will be locked. This is a security measure to protect your records. Unlocking your account If you contact us directly, we can unlock your ...
    • SplashID Mac Key Safe/Desktop app - bypass macOS Gatekeeper

      Learn how to resolve macOS Gatekeeper issues when running SplashID Safe Mac Desktop or Mac Key Safe apps. Step-by-step instructions are included for macOS Catalina and earlier versions. Overview This guide explains the macOS Gatekeeper issues that ...
    • SplashID Safe User Guides

      The latest SplashID Safe user guides for the apps are listed below. User guides home Android iOS and iPadOS macOS Web Windows SplashID Safe apps have release versions named as 8.x.y
    • Why should I upgrade to SplashID Safe 8?

      Availability SplashID Safe 8 is available on iOS, Android, Windows Desktop, and the Web. Key Features Enhanced UI optimized for large, high-resolution screens Single-screen functionality with advanced list view Automated SplashID Web Backup for cloud ...