How exactly does the Secure Sync work? - macOS-Version / Secure Sync - Outbank Helpdesk

How exactly does the Secure Sync work?

The Secure Sync is the secure data transfer in Outbank across multiple devices. If you use Secure Sync, your data will automatically be synchronized between your connected devices.

Several security technologies protect your data during transfer:

  • Zero-Knowledge Principle: We have at no time access to your data. Also, the cloud provider Amazon, whose servers we use for the synchronization, has no insight into your data, because they are constantly encrypted.
  • End-To-End Encryption: Before the transfer, your data is encrypted by highest standard (AES Encryption). Only then they will leave your device in the direction of cloud storage. The data can neither be read by us nor by Amazon. Only when you decrypt the data on your other device, they are readable again.
  • AES Encryption: The Advanced Encryption Standard (AES) is the most secure method of data encryption. AES will transform your data into a hieroglyphic ciphertext of a certain length (128 bits or a 39-digit number). The transformation from plain- to ciphertext is secured with another key (128, 192, or 256 bits or a number with 29, 58, or 78 digits). The encryption happens exclusively on your device – therefore we have no insight on it. 
  • PBKDF2: The encryption key for your data is obtained from your App password by the Key Derivation Function PBKDF2. In this process, a specific function is applied to the same password several times consecutively. This iteration ensures that the original password can no longer be deduced. The process takes places exclusively on your device – neither Amazon nor we can resolve the key.
  • Certificate Pinning: During the transfer of your data, we constantly check whether someone is manipulating the connection or intercepting your data. Therefore, we validate the security certificate from Amazon, via whose servers your data are transmitted. If someone alters the connection between server and your device (e.g. during a Man-In-The-Middle attack), Outbank immediately recognizes the changed certificate and terminates the transfer in advance.

How to enable / disable the Secure Sync can be found here.