Yes, XenBolt Password Manager as a service is provided to you for free "as in free beer" (free of charge) NOT free "as in free speech" (open source).

What this implies is that you may use XenBolt Password Manager free of charge without any modification to the source code.

XenBolt Password Manager is not developed with commercial success or profit in mind.
The developers have full-time jobs and this project is developed purely as a way to give something back to the world as a mark of gratitude.

However, if you wish to contribute towards XenBolt or encourage us, you are more than welcome to contact us at [email protected].

No, your personal data is never sold or used for any commercial purpose.

You can read more about how we handle your personal data at https://xenbolt.pratanumandal.in/privacy.

Your account password (master key) is hashed using BCrypt.
All your entries are encrypted using AES-256-GCM.

These are considered state-of-the-art algorithms. We shall also keep upgrading the algorithms over time.
For instance, we intend to switch to Argon2 for password hashing as soon as support is available.

TL;DR:
Yes, your data is safe with us.
All sensitive data is encrypted with your master key.
So don't lose your account password (master key).
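
The sketch below is an added example, not XenBolt's code. It shows why an entry encrypted with AES-256-GCM under a key derived from the master key cannot be read, or silently modified, without that master key. The scrypt key derivation, the function names and the sample values are assumptions, since the page does not describe how XenBolt turns the master key into an AES key.

```javascript
// Added example (not XenBolt's code). Assumption: the AES-256 key is derived
// from the master key with scrypt; the page does not say how XenBolt does it.
const crypto = require("node:crypto");

// Derive a 32-byte (256-bit) AES key from the master key and a random salt.
function deriveKey(masterKey, salt) {
  return crypto.scryptSync(masterKey, salt, 32);
}

// Encrypt one entry. A fresh 12-byte nonce is generated for every entry
// because GCM must never reuse a nonce under the same key.
function encryptEntry(masterKey, plaintext) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const key = deriveKey(masterKey, salt);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce, { authTagLength: 16 });
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Only these four values need to be stored; none of them reveals the key.
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt one entry. Returns null when the GCM tag check fails, which happens
// with a wrong master key as well as with a modified ciphertext.
function decryptEntry(masterKey, entry) {
  const key = deriveKey(masterKey, entry.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, entry.nonce, { authTagLength: 16 });
  decipher.setAuthTag(entry.tag);
  try {
    return Buffer.concat([decipher.update(entry.ciphertext), decipher.final()]).toString("utf8");
  } catch (err) {
    return null;
  }
}

// Constructed sample values, for illustration only.
const stored = encryptEntry("constructed-master-key", "example.com / alice / s3cret");
console.log(decryptEntry("constructed-master-key", stored)); // the original entry
console.log(decryptEntry("guessed-master-key", stored));     // null: wrong master key

// Flipping a single ciphertext bit is detected by the authentication tag.
const tampered = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
tampered.ciphertext[0] ^= 1;
console.log(decryptEntry("constructed-master-key", tampered)); // null: modified data
```
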

Sadly, if you lose your account password (master key), there is not much we can do.
All your data is locked away forever.

We have very strong security measures in place to prevent us from accessing your data.
However, this is a double-edged sword.
It implies that you are solely responsible for remembering your master key.

If you have not lost your account password yet, heed this warning and never lose your master key.

If you have already lost your account password, the best you can do is contact us at [email protected].
We can delete your account so that you may be able to create another account with the same email id.
However, as mentioned before, all your data will be lost.

Here is a list of some of the recommended practices relating to password management.
Note that this is not a comprehensive list but provides general guidelines when handling passwords.


  • Use strong passwords

    We cannot stress this enough.
    Ideally, your passwords will be a random sequence of letters, digits, and symbols at least 10 characters long.
    For example:
    bX^04!Dv9* is a good password.
    drowssap is a bad password.
    It may seem clever to reverse the word "password", but this is actually trivial to crack using a dictionary attack.


  • Never share your passwords

    Do not share your passwords with anyone.
    EVER.


  • Do not re-use passwords

    Never re-use your passwords across websites.
    Try to use a unique password for every website where you have an account.
    This way, if one of the websites is compromised, the other websites will not be affected.

    In fact, this is where XenBolt Password Manager comes in.
    Store all your passwords using XenBolt in a simple and hassle-free manner.

Theoretically, offline password managers have the possibility of offering greater security than online password managers.
This is inherent to how the internet works.
However, offline password managers are not invulnerable.

"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." - Gene Spafford

Additionally, offline password managers suffer from a lack of flexibility.
A well implemented online password manager remains secure without the drawbacks of offline password managers.
With online password managers you have all your passwords available to you anywhere you go.

In the end, it comes down to the trade-off between security and flexibility.
We at XenBolt believe we have achieved the sweet spot that balances the two.

However, if you do decide to use an offline password manager, we recommend KeePass Password Safe.
It is one of the best offline password managers you can get and it is also cross-platform and free.