Frequently Asked Questions


How does your file storage service differ from that of Google Drive, Dropbox, or OneDrive?

Other services transmit your files to their server securely, but once your files arrive on their server, they have access to your files. Even if they encrypt on their server, they still have access to the keys needed to decrypt the files later when you decide to download them. In other words, they can decrypt your files because the encryption keys are stored on their site. There is also a risk of hackers getting into their site and accessing your files. With OneLock, we encrypt your files locally on your device using a securely generated random 256-bit encryption key. We then encrypt this key using your private RSA 2048/3072/4096-bit key. Your private key is then encrypted using your master password. After the files are encrypted, they are transmitted securely to our cloud storage. With our service, no one can read your files without your master password, which only you know. Even if hackers get into our site, they still can't read your files because the files are encrypted. In a nutshell, if you are serious about your privacy and want to secure your confidential data so that only you and those you share with can access it, then OneLock is the best solution for you.
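The key hierarchy described above (a random 256-bit file key, wrapped by an RSA key pair, whose private key is protected by the master password), as an added example that is not OneLock's code. AES-256-GCM, RSA-OAEP, scrypt and every function name here are assumptions; the sketch wraps the file key with the public half of the RSA pair so that only the password-protected private key can unwrap it.

```javascript
// Added example (assumed algorithms and names, not OneLock's implementation).
const crypto = require('node:crypto');

// AES-256-GCM helpers: seal() encrypts and authenticates, unseal() verifies and decrypts.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, data, tag: cipher.getAuthTag() };
}
function unseal(key, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.data), decipher.final()]); // throws on wrong key or tampering
}

// RSA-OAEP parameters used for wrapping the per-file key.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Account setup: the RSA private key is stored only sealed under a key derived from the master password.
function createAccount(masterPassword) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const salt = crypto.randomBytes(16);
  const passwordKey = crypto.scryptSync(masterPassword, salt, 32);
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
    salt,
    sealedPrivateKey: seal(passwordKey, privateKey.export({ type: 'pkcs8', format: 'der' })),
  };
}

// Upload: a fresh random 256-bit key per file, wrapped with the account's RSA key.
function encryptFile(account, fileBytes) {
  const fileKey = crypto.randomBytes(32);
  return {
    wrappedKey: crypto.publicEncrypt({ key: account.publicKey, ...OAEP }, fileKey),
    file: seal(fileKey, fileBytes),
  };
}

// Download: master password -> private key -> file key -> plaintext, all on the device.
function decryptFile(account, masterPassword, record) {
  const passwordKey = crypto.scryptSync(masterPassword, account.salt, 32);
  const der = unseal(passwordKey, account.sealedPrivateKey);
  const privateKey = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  const fileKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, record.wrappedKey);
  return unseal(fileKey, record.file);
}
```

Everything returned by `createAccount` and `encryptFile` can be stored server-side; without the master password, none of it yields the file key or the plaintext.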

What do you mean by zero-knowledge or end-to-end encryption?

Zero-knowledge and end-to-end encryption are the same thing. What this means is that your data is encrypted and decrypted locally on your device. No one, including OneLock, has any knowledge of your keys or your data/files. Only you and the people you share with can decrypt your data/files.

How can I be sure that sending secure email through OneLock is really secure?

Sending secure email uses zero-knowledge encryption, just like our secure file storage and password manager. When you send secure email, you see a window that says "Encrypting and Sending". This tells you that we encrypt first, before sending the file(s) to our cloud storage. If you want to dive into the technical details and really see this in action, we suggest downloading a proxy tool such as Fiddler, Burp, or ZAP and watching our traffic when files are sent to our cloud server. You will notice that the files are not readable, because they are encrypted. You can also view the code from the browser if you would like to review it yourself.

Why do you use an open source encryption library? Wouldn't that pose security risks, since technically everyone can see the code?

No, it's actually the opposite. Open source means an entire community of security engineers is contributing and working together to improve the code. It also proves that there are no hidden backdoors, since anyone can review the code.

What do you mean when you say there is no middleman?

Some services entail a third party holding the keys to your data while the provider of the service hosts the data. In such instances, the third party is the middleman. With OneLock there is no third party. You hold your encryption keys.

If my data is hosted on OneLock, do I really own it?

Yes. When you save your data or upload files to OneLock you own your data and files.

When I send secure email to someone, do they need a OneLock account to read it?

No. If they don't have a OneLock account, they can still read it. We use our proprietary technology to accomplish this. However, they can also read the secure email by creating a free/premium account.

Can I close my account at any time?

Yes. After logging in, under the more menu, there is an option to close your account. However, closing your account also deletes your encrypted data/files. Make sure you download your files before closing your account.

Can I change my email address after I create an account?

Yes. You can change your email address when you change your master password.

Where are your datacenters hosted?

We use Microsoft Azure Cloud and Amazon AWS to host our cloud storage servers. This gives you high availability and security.

Can OneLock recover my master password if I forget it?

No. Your master password is your master key. If you forget it, then even we can't recover your saved data. We recommend taking a few minutes, hours, or days to see if you can remember your password. If you still don't remember it, the last option is to reset your account; you will have to start over and all your data will be lost. With zero-knowledge encryption comes great responsibility. Try not to forget your master password or passphrase.

Can I use only a pattern login without a master password?

No. There may be a security risk if you use only pattern login. Although a long, well-randomized pattern would be secure enough by itself, we only offer pattern login on top of the normal password, which makes your password super strong.

What are the benefits of using a pattern login?

Pattern login gives you another layer of security. It's immune to dictionary word attacks and key loggers. Used with a master password, it gives you two levels of authentication, which makes it more secure than the rest of the password managers.

Is fingerprint authentication secure? How does it compare with OneLock?

The short answer is no. Fingerprint scanners are convenient but not secure. Can you trust fingerprint authentication when you leave your fingerprint on everything you touch, especially your mobile devices? If you have sensitive data that you want to protect, you should never use fingerprint authentication. For non-sensitive data, however, it may be acceptable. OneLock was developed to simplify life as much as possible while still keeping sensitive data secure. With OneLock you can change your master/pattern password at any time. With fingerprint authentication you cannot. Once someone gets hold of your fingerprint, it is difficult to recover, because you cannot change your fingerprint.

Is facial recognition safe to use for authentication?

As above, the same goes for facial recognition authentication. It's not secure. Someone can use your picture or a 3D-printed face and the computer will not know the difference. While you can always make the computer perform more checks, there are always more clever ways to trick the system. Facial recognition authentication should not be used for any sensitive data.