Security


What is encryption?

The data you accumulate in TallyLab is encrypted on your device and in the cloud. Encryption transforms data into an unintelligible string of numbers using a set of keys.


What are encryption keys?

Here's a great explanation from Panayotis Vryonis on what encryption keys are:

"Keys" are just numbers — big, long numbers with many digits. You can keep your private key, which is a number, in a text file or in a special app. You can put your public-key, which is also a very long number, in your email signature, your website, etc. And there is no need for special boxes, you just "lock" and "unlock" files (or data) using an app and your keys.

If anyone, even you, encrypts (i.e. "locks") something with your public-key, only you can decrypt it (i.e. "unlock" it) with your secret, private key.

If you encrypt (i.e. "lock") something with your private key, anyone can decrypt it (i.e. "unlock" it), but this serves as a proof that you encrypted it: it’s "digitally signed" by you.

In order to decrypt your data (locally or from a backup), you'll need your encryption keys.


Why encrypt?

We encrypt your data even when it's just on your device so that if someone or something were to find a way in, it wouldn't matter — they wouldn't be able to read it without having your encryption keys to decode it.


Why use encryption keys and not passwords like everyone else?

As the number and scale of recent data breaches demonstrate, servers full of usernames and passwords are vulnerable to hacking.

We'd rather not have access to your credentials in the first place, so there's no possibility of someone gaining access to them.


Why does everyone else use passwords instead of encryption keys, then?

Most apps keep a server full of user credentials so that if you forget your username or password, it can be reset. The main drawback to using keys instead is that if you lose them, they can't be recovered.

This is why we highly recommend that you generate your keys by answering our security questions (see below). That way you can regenerate your keys later if you lose them.


How do I save my keys?

Your initial set of keys is generated randomly when you first start using TallyLab. You never see that happening; we just do it.

To download those keys, go to the Security area and choose "Save your current keys".

Your key file needs to be kept in a safe place, away from the device(s) you use TallyLab on. The idea is that if you lose a device, you'll still be able to decrypt your data.


What if I lose my keys?!

The possibility that you'll lose your keys is why we recommend using the first option in the Security area to generate a new set of keys by answering a series of security questions.

We combine your answers to those questions into a single, very long "seed" from which we derive your encryption keys.

In the future, if you lose your device AND your keys, you'll be able to regenerate your keys by answering our questions again.

That is why we highly recommend that you generate a new set of keys from answers to our security questions AND save them somewhere safe.
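
As an added illustration (not TallyLab's own code), here is one way answers can be combined into a seed and stretched into a key that can be regenerated later from the same answers. The question ids, the salt label, the scrypt parameters and the use of AES-256-GCM are assumptions made for this sketch.

```javascript
// Added example, not TallyLab's code. Question ids, salt label, scrypt
// parameters and AES-256-GCM are assumptions chosen for illustration.
const nodeCrypto = require('crypto');

// App-wide, non-secret salt (assumed). A random per-user salt would have to be
// stored somewhere, and the keys must be regenerable from the answers alone.
const APP_SALT = Buffer.from('example-app/key-derivation/v1', 'utf8');

// Normalize so "  REX " and "rex" regenerate the same keys.
function normalizeAnswer(answer) {
  return answer.normalize('NFKC').trim().toLowerCase().replace(/\s+/g, ' ');
}

// Combine the answers into one seed. Sorting by question id fixes the order;
// the length prefix keeps answer boundaries unambiguous.
function buildSeed(answers) {
  return Object.keys(answers).sort().map((id) => {
    const a = normalizeAnswer(answers[id]);
    return `${id}:${Buffer.byteLength(a, 'utf8')}:${a}`;
  }).join('|');
}

// Stretch the seed with a memory-hard KDF into a 32-byte key, since answers
// to personal questions are far easier to guess than random keys.
function deriveKey(answers) {
  return nodeCrypto.scryptSync(buildSeed(answers), APP_SALT, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

function encrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key is wrong or the data was modified (GCM tag mismatch).
function decrypt(key, box) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]).toString('utf8');
}

// Constructed sample answers: original setup, then a later regeneration.
const setup = { pet: 'Rex', street: 'Elm  Street', teacher: 'Ms. Ada' };
const later = { teacher: 'ms. ada ', street: 'elm street', pet: ' REX' };
const backup = encrypt(deriveKey(setup), 'tally: coffee=3');
console.log(decrypt(deriveKey(later), backup)); // same keys, so the backup opens
```

Because the whole key comes from the answers, changing even one answer yields an unrelated key, and decryption of the old backup fails.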