The Master Key is a password that you only know and that is requested throughout the product for different purposes:
– To decrypt the encrypted data stored in your Managers (This is its main purpose. This is the reason why it was created in the first place and only your Master Key can perform this task.)
– To authenticate your identity to perform other sensitive actions (like deleting data for example or launching the app if you decide so in order to add a layer of security)
Digital ID doesn’t know your Master Key. It is not stored on our servers and we have no access to it. In that case how does the “remember my Master Key” option work?
On your desktop
With Digital ID's default settings and depending of your usage of the product, you may need to enter your Master Key every few minutes. That’s why—starting with version 1.22—if it becomes tiresome and if you know that you will be on your computer for a while, next time you are asked to enter your Master Key, you may choose to check the box “Remember until this window closes or locks”.
The way this works is that your Master Key is then kept securely in an encrypted memory area of your browser. Digital ID's servers still don’t have access to it at any time nor does any other server. It is kept locally on your machine.
You can then configure your Security preferences in the Settings of the product to choose when the Main Window will lock, which will close your current session and erase the Master Key from memory.
What about on mobile?
On mobile also, your Master Key is, by default, required to access all sensitive data.
However, you can set up your smartphone in order to use biometric authentication instead (either your fingerprint or facial recognition depending on your device’s options). This is very convenient and doesn’t decrease the level of security. You can enable this in the Settings of your app (it will need to be enabled from your phone’s settings as well in order to work). This only takes a few seconds.
You can also configure the app in order to request the Master Key at the times and with the frequency that fit your usage best. From the Settings of the app, scroll down to the Security section and tap on “Master Key preference” to see the available options.
On iOS devices, if you choose to have your phone remember your Master Key in between launches, then dedicated storage space in Keychain will be allocated to store your Master Key locally until the next time you launch the app. Digital ID's servers still don’t have access to it at any time nor does any other server. It is kept locally on your device.
The way it works on Android devices is very similar with your Master Key stored in the local Android Keystore.
What are the risks?
It all depends on your usage and the level of security you are comfortable with. The technical solution has been vetted, but if you tend to leave your computer without locking your screen or if you lend your phone regularly to family members or have a tendency to leave it around and forget it, then we recommend that you stick with the default settings of your app. If you are an expert user and don’t want to be bothered by an extra layer of security while you already have a few in place, then you may decide to go for more convenience and usability.