Security & Privacy

Understanding our shared responsibility for keeping your data secure

On Security and Shared Responsibility

At MyLastKey, we have built a tool that is secure by design. All processing happens on your device, and no sensitive data is ever sent to us. Our open-source code is a testament to our commitment to transparency and security.

However, the ultimate security of your data is a shared responsibility. The security of our tool depends on the security of the environment in which it is used. Therefore, it is important that you, the user, are aware of the following:

Your Device Security

Ensure your computer or mobile device is free from malware and viruses. A compromised operating system can potentially monitor everything you type.

Browser Plugins

Be critical of the browser extensions (plugins) you install. Some extensions may have permissions to read and alter content on web pages, including the data you enter into MyLastKey.

Browser Updates

Keep your web browser updated to the latest version to ensure you have the most recent security patches and protections.

Your Password Strength

The strength of the encryption is directly dependent on the strength of the password you choose. Always use a long, unique, and strong password.

Physical Security

Once you have printed your document, you are responsible for storing it in a secure location.

Network Security

While MyLastKey works offline, be cautious when using it on public Wi-Fi networks. Consider using a VPN or working offline entirely when handling sensitive information.

Data Backup Considerations

If you choose to save encrypted data files, store them securely and consider multiple backup locations. Remember that losing your Master Key means losing access to your encrypted data permanently.

Screen Privacy

Be aware of screen recording software, screen sharing applications, or "shoulder surfing" when entering sensitive information.

By being mindful of these points, you help ensure that your data remains private and protected—from start to finish.

Technical Security Details

Client-Side Processing

All encryption, decryption, and data processing happens entirely in your browser. No data is ever transmitted to our servers.

Strong Encryption

We use AES-256 encryption with PBKDF2 key derivation (250,000 iterations) and SHA-256 hashing for maximum security.

Open Source

Our entire codebase is publicly available on GitHub, allowing security experts to review and verify our implementation.

No Analytics or Tracking

We don't use any analytics, tracking scripts, or third-party services that could compromise your privacy.