1. The Importance of Your Master Password
Your Master Password is the absolute foundation of your security in Vaulton. Because Vaulton is a 100% offline desktop application with no cloud syncing, your Master Password acts as the sole cryptographic key used to encrypt your database. If someone gains access to your Master Password, they gain access to your vault.
Security Tip: A stronger master password ensures better protection for all your accounts. Consider updating it every 6 months.
How to create a strong Master Password:
- Use a Passphrase: Instead of a complex, hard-to-remember string of random characters, use a passphrase consisting of 4-6 random words (e.g., "purple-dragon-coffee-stapler"). A passphrase built from randomly chosen words is mathematically extremely difficult to crack and much easier to remember.
- Do not reuse it: Your Master Password must be completely unique. Never use it for any other website or application.
- Make it long: Length is generally more important than complexity when it comes to encryption keys. Aim for at least 16-20 characters.
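To put numbers on the passphrase and length advice above, the following added example (not Vaulton's own code) generates a passphrase with the operating system's CSPRNG and estimates its entropy. The 7776-word list size, the 94-character alphabet, and all function names are assumptions made for illustration; the short wordlist is constructed for the demo.

```python
import math
import secrets

# Constructed demo wordlist. It is far too small for real use; a real list
# should be much larger (assumption: 7776 words, a five-dice diceware list).
DEMO_WORDS = ["purple", "dragon", "coffee", "stapler", "marble", "copper",
              "window", "sunset", "pickle", "rocket", "velvet", "harbor",
              "tundra", "quartz", "meadow", "candle"]
DICEWARE_SIZE = 6 ** 5   # 7776 words (assumed list size)
PRINTABLE_ASCII = 94     # letters, digits and symbols, no space (assumed)


def generate_passphrase(words, count, sep="-"):
    """Pick `count` words uniformly at random using the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("wordlist contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(count, wordlist_size):
    """Entropy in bits when each word is an independent, uniform pick."""
    return count * math.log2(wordlist_size)


def random_password_bits(length, alphabet_size=PRINTABLE_ASCII):
    """Entropy in bits of a uniformly random character password."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits, wordlist_size):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    print("sample:", generate_passphrase(DEMO_WORDS, 5))
    for n in (4, 5, 6):
        bits = passphrase_bits(n, DICEWARE_SIZE)
        print(f"{n} words from {DICEWARE_SIZE}: {bits:.1f} bits")
    # The same 4 words drawn from the 16-word demo list are far weaker.
    print(f"4 words from 16: {passphrase_bits(4, len(DEMO_WORDS)):.1f} bits")
    print(f"16 random chars: {random_password_bits(16):.1f} bits")
    print("words for 80 bits:", words_needed(80, DICEWARE_SIZE))
```

The estimate only holds when every word is picked at random from the list; a phrase you compose yourself has far less entropy than the formula suggests.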
2. Regular Password Rotation
It is a highly recommended security practice to rotate your passwords periodically to minimize the window of opportunity for unauthorized access.
- Master Password Rotation: Update your Vaulton Master Password every 6 months to minimize the risk of a compromised key.
- High-Value Accounts: Regularly update passwords for critical accounts such as your primary email, banking, and financial services.
- Use the Generator: When rotating passwords, always use the built-in Vaulton Secure Password Generator to create a completely random, high-entropy password (we recommend using 16+ characters with a mix of symbols, numbers, and cases).
3. Physical and OS Security
Because Vaulton stores your encrypted vault directly on your local hard drive, the security of your device is just as important as your Master Password.
- Lock your device: Always lock your computer screen when stepping away from your desk.
- Use Full Disk Encryption: Enable BitLocker (Windows), LUKS (Linux), or FileVault (macOS) to encrypt your entire hard drive, adding an extra layer of security beneath Vaulton's own encryption.
- Malware Protection: Ensure your operating system is up to date and that you are using reliable anti-malware software to prevent keyloggers from capturing your Master Password.
4. Secure Backup Management
Vaulton offers robust export features to help you back up your credentials securely. However, mishandling backups can lead to severe data breaches.
- Always prefer Encrypted SQLite (.db) backups. These files require your Master Password to be unlocked.
- Avoid Unencrypted CSVs: Only export to CSV if you are transferring your data to another system. An unencrypted CSV exposes all your passwords in plain text. If you must generate one, delete it securely (e.g., empty the recycle bin or securely shred the file) immediately after use.
- Store backups offline: Keep your encrypted `.db` backup files on an external USB flash drive or physical external hard drive disconnected from the internet.