Security

Why is perc.pass a secure solution?

perc.pass was designed according to the principle of strict separation between user authentication and cryptographic processes. Thanks to this, gaining access to a user account is not equivalent to accessing the stored passwords and sensitive data.

Whitepaper

Read the security whitepaper and learn more about the security standards in perc.pass.

Encryption

Discover the encryption methods used in perc.pass and see how we secure your passwords.

Storage

All your data is stored within the European Union.

The system utilizes multi-factor user authentication, while all cryptographic operations are performed independently – based on a dedicated “master password.”
The system administrator can manage user accounts (e.g., add, delete, block access) without the ability to decrypt their data.

The master password forms the foundation of the perc.pass cryptographic system. This is not the user’s account password. It is used exclusively to decrypt sensitive data (passwords, attachments).

All confidential data stored in the system is encrypted:

  • using keys derived from the master password,
  • on the client side, before the data reaches the server infrastructure.

This means that a user account takeover does not provide access to the stored passwords, and the data in the database exists solely in encrypted form.

Multi-factor authentication

perc.pass allows configuring a second authentication factor in one or more of the following forms: 

  • SMS code
  • Hardware code generator (HMAC-based OTP)
  • TOTP applications
  • Hardware security keys (FIDO2)
  • Hardware key in OTP mode 

Password security policies 

The owner of a shared group can define password security policies that apply to all group members.

Passwords that do not meet the established requirements are marked with a warning, as are entries with a set expiration date.

System logs and audit

perc.pass logs key system events that are relevant from a security and auditing perspective.

The user or administrator can: 

  • download aggregated logs, 
  • generate a report in PDF format, 
  • use the data for incident analysis or compliance audits. 

Data encryption

perc.pass utilizes the AES (Advanced Encryption Standard) algorithm in GCM mode with a 256-bit key length, which:

  • provides data confidentiality and integrity within a single mechanism,
  • eliminates known weaknesses of CBC and CTR modes,
  • is recommended by modern browser vendors and cryptographic communities.

Thanks to the use of GCM mode, the system does not require additional HMAC mechanisms for data authentication.

The RSA algorithm is used in perc.pass for secure data sharing processes between users. As asymmetric cryptography, it:

  • relies on a public/private key pair,
  • is based on the difficulty of factoring the product of large prime numbers,
  • enables secure key exchange without revealing them.

PBKDF2 (Password‑Based Key Derivation Function 2) is used to generate cryptographic keys from the master password. This mechanism:

  • utilizes a cryptographic salt,
  • applies hundreds of thousands of hashing function iterations,
  • effectively hinders brute‑force and rainbow table attacks.

In accordance with current OWASP recommendations, the user can set the number of iterations within the range of 600,000 to 1,000,000, maintaining a balance between security and performance.
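The AES-256-GCM and PBKDF2 passages above, combined into one client-side flow as an added example (not perc.pass code): a key is derived from the master password, an entry is encrypted before it leaves the client, and decryption fails when the password is wrong or the record was altered. The SHA-256 hash, salt and nonce sizes, record layout, function names and the use of Node.js's crypto module are assumptions.

```javascript
// Added illustration, not perc.pass source code. Runs on Node.js.
const nodeCrypto = require('node:crypto');

const MIN_ITER = 600_000;    // iteration range stated on the page
const MAX_ITER = 1_000_000;

// Assumptions: PBKDF2-HMAC-SHA-256, 16-byte random salt, 32-byte (256-bit) key.
function deriveKey(masterPassword, salt, iterations) {
  if (!Number.isInteger(iterations) || iterations < MIN_ITER || iterations > MAX_ITER) {
    throw new RangeError(`iterations must be within ${MIN_ITER}..${MAX_ITER}`);
  }
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, iterations, 32, 'sha256');
}

// Client side: returns the only form of the entry that would leave the client.
// The record layout is hypothetical.
function encryptEntry(masterPassword, plaintext, iterations = MIN_ITER) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const key = deriveKey(masterPassword, salt, iterations);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { iterations, salt: b64(salt), iv: b64(iv),
           ciphertext: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// Throws if the GCM tag does not verify: wrong master password or altered record.
// A stored iteration count below the allowed range is rejected by deriveKey.
function decryptEntry(masterPassword, record) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(masterPassword, raw(record.salt), record.iterations);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw(record.iv));
  decipher.setAuthTag(raw(record.tag));
  const pt = Buffer.concat([decipher.update(raw(record.ciphertext)), decipher.final()]);
  return pt.toString('utf8');
}
```

Each call here repeats the full key derivation, which keeps the example short; deriving the key once after the master password is entered and reusing it for the session avoids paying the iteration cost per entry.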

All communication between the client and the perc.pass server is protected by SSL/TLS, which ensures:

  • server authentication,
  • transmission confidentiality,
  • data integrity,
  • protection against man‑in‑the‑middle attacks.

Data stored in databases is additionally secured using Transparent Data Encryption, which:

  • prevents data from being read from the file system level,
  • protects data even in the event of unauthorized access to the infrastructure,
  • is supported by integration with HSM devices that securely store encryption keys.

perc.pass is a 100% Polish solution, designed and developed in Zielona Góra. The idea of creating the system was born at Perceptus, where engineers handling technical deployments for clients identified a nearly permanent issue with password security and sharing within organizations. The idea was further developed and is being introduced to the market by a special purpose vehicle, percpass, which commercializes the solution and builds a network of partners integrating the system for clients. Customer data is stored in a data center within Poland.