Hi guys, I’m really considering making Supernotes my main place for my ideas. But since there is no 2FA, can I at least put my mind at ease because my password is stored very securely? Which encryption standard is used to encrypt our password?
Your password is stored very securely. They are uniquely salted and hashed with a modern memory-hard hashing algorithm. The primary database where these hashes are stored is run on hardware with full-disk encryption and encrypted backups.
If you are very worried about security though, all you really need are strong, single-use passwords. It really doesn’t matter how a service stores passwords if you only use them once. And while 2FA can add an additional layer of security, in practice an attacker that has access to your single-use password in all likelihood will have access to your 2FA method.
That said, we plan to add some form of 2FA/MFA in the near(ish) future.
2 Likes