OneLock Security



Cryptography

OneLock uses the AES-256-CBC encryption algorithm with random padding to encrypt your messages, passwords and personal information locally on your device before they are transferred to our cloud servers (hosted at Microsoft Azure Cloud and Amazon Web Services) over standard SSL with RSA 2048-bit encryption. Since OneLock uses zero-knowledge encryption, we have no access to your data. We also use key stretching with PBKDF2, which adds extra security.

For sending secure files, OneLock uses AES-256-GCM/AES-256-CTR. Files are authenticated using HMAC-SHA256/MAC. The master password or pattern login is never sent to OneLock. The master key is created from your master password or pattern login and is never stored on disk: it stays in your device's memory and is cleared when you log out.

Authentication

OneLock uses PBKDF2 with a 128-bit random salt and a combination of SHA256/SHA512/SHA3 to generate the authentication key and the encryption/decryption key that is used to encrypt and decrypt the data on your device. OneLock can lock a user account for a few minutes once more than a few unsuccessful login attempts have been made, to prevent brute-force attacks. Users who want to add more security to their OneLock account can turn on two-factor authentication from the security settings and use the Google, Microsoft or another authenticator app on their mobile device as the second factor for login. The other, more secure option is pattern login. Pattern login requires your master password and a pattern of your choice to protect your account even further. Pattern login creates an extremely strong master key that is immune to dictionary-word attacks and key loggers. This is a proprietary technology built to give you the ultimate data security. You can even turn on two-factor authentication together with pattern login for three-level protection.
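The paragraph's split of one stretched key into an authentication key and a separate encryption key, together with the temporary lockout, is shown below in an added Go example written for this page (not OneLock's implementation). It takes the PBKDF2 output as its input (a random stand-in here), derives the two keys with labelled HMAC-SHA256 calls, keeps only a salted hash of the authentication key on the server side, and locks the account after a threshold of failures. The labels, the threshold of 5 attempts and the 10-minute window are assumptions, since the page says only "a few".

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Assumed parameters; the page says only "a few" attempts and "a few" minutes.
const (
	maxFailures = 5
	lockout     = 10 * time.Minute
)

var (
	ErrLocked   = errors.New("account temporarily locked")
	ErrBadLogin = errors.New("invalid credentials")
)

// prf is HMAC-SHA256(key, data), the building block for both the key
// separation and the server-side verifier.
func prf(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// splitKeys derives two independent keys from one stretched root key (the
// PBKDF2 output) under distinct labels (constructed for this example). Only
// authKey is ever sent to the server; encKey stays on the device, so a copy of
// the server database yields nothing that decrypts the vault.
func splitKeys(root []byte) (authKey, encKey []byte) {
	return prf(root, []byte("example/auth-key")), prf(root, []byte("example/enc-key"))
}

// Account is the server-side record: a salted hash of the auth key (never the
// key itself) plus the failed-attempt counter that drives the lockout.
type Account struct {
	salt, verifier []byte
	failures       int
	lockedUntil    time.Time
}

func NewAccount(authKey []byte) (*Account, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return &Account{salt: salt, verifier: prf(salt, authKey)}, nil
}

// Login judges one attempt at time now. Failures are counted and, once
// maxFailures is reached, the account is locked for the lockout window, which
// bounds how many guesses an online attacker can make per unit of time.
func (a *Account) Login(authKey []byte, now time.Time) error {
	if now.Before(a.lockedUntil) {
		return ErrLocked
	}
	if hmac.Equal(prf(a.salt, authKey), a.verifier) { // constant-time comparison
		a.failures = 0
		return nil
	}
	a.failures++
	if a.failures >= maxFailures {
		a.failures = 0
		a.lockedUntil = now.Add(lockout)
	}
	return ErrBadLogin
}

func main() {
	root := make([]byte, 32) // stand-in for the PBKDF2 output described under Cryptography
	if _, err := rand.Read(root); err != nil {
		panic(err)
	}
	authKey, encKey := splitKeys(root)
	acct, err := NewAccount(authKey) // the server never sees root or encKey
	if err != nil {
		panic(err)
	}
	now := time.Now()
	fmt.Println("auth key:", acct.Login(authKey, now))
	fmt.Println("enc key offered as a credential:", acct.Login(encKey, now)) // independent key, just a failed attempt
	for i := 1; i < maxFailures; i++ {
		fmt.Println("guess:", acct.Login(make([]byte, 32), now))
	}
	fmt.Println("auth key while locked:", acct.Login(authKey, now))
	fmt.Println("auth key after lockout:", acct.Login(authKey, now.Add(lockout)))
}
```

Passing the clock into Login keeps the lockout testable and makes the policy explicit; in a deployment the same counter should be keyed per account rather than per source address, since the attempts being limited are guesses against one account's credential, not traffic from one client.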

FIDO U2F Authentication with YubiKey

OneLock has also added support for YubiKey two-factor authentication using the FIDO U2F protocol. You can find this option under the security settings. Our YubiKey two-factor support allows up to 3 security keys: one primary and the others as backups. YubiKeys are USB devices resembling flash drives that are durable, water-resistant and enable easy and secure second-factor authentication in seconds. Simply touching a YubiKey causes it to validate and authenticate access to your OneLock account.

Access Controls

OneLock offers device access controls that every user can enable to further harden their account. Users can add and manage trusted devices, or add rules allowing only specific IP addresses to access the account.

Information Security Management

The OneLock security framework is built on the ISO 27001/27002, Cloud Security Alliance and NIST 800-53 standards. We have policies and processes established to ensure ISM is followed properly. We implement, maintain and continually improve our information security management system in accordance with the requirements of the ISO and NIST standards.

Vulnerability Assessment and Penetration Testing

OneLock routinely undergoes security vulnerability assessments and penetration testing by both internal staff and external third parties. Our security engineers design and code by following industry best practices from the OWASP Top 10, SANS SWAT, the SANS Top 25 Software Errors and more.

Compliance

OneLock also focuses on making sure our security products have the necessary security controls in place to comply with PCI DSS, HIPAA and other standards. For example, our services such as secure email or file transfer use encryption in transit and at rest, and the best part is that even OneLock cannot decrypt the data, making it hacker-proof.

We use Microsoft Azure and AWS (Amazon Web Services) for our datacenters. Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud and Singapore MTCS. AWS also holds ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2 certifications.

Azure: https://azure.microsoft.com/en-gb/overview/trusted-cloud
AWS: https://aws.amazon.com/compliance