The new heylogin Security Whitepaper 3.0

Our new Security Whitepaper is here, 43 pages packed with insights into our architecture, cryptography, and security principles.
With Version 3.0, we not only document the technical progress since 2023 but also make it clearer than ever why heylogin is a modern, secure alternative to traditional password managers.

Why a New Whitepaper?

Since Version 2.3 (August 2023), heylogin has evolved significantly – both technically and conceptually. Version 3.0 brings these developments together, expands platform support, and highlights the differences from master-password-based systems even more clearly.

Key Updates at a Glance

1. Clearer distinction from legacy password managers
A more detailed analysis of master password weaknesses and realistic attack scenarios, including cost estimates for offline brute-force attacks.

2. True 2-factor encryption
The second factor in heylogin is not optional and not just a cloud login safeguard, it is an integral part of the end-to-end encryption process.

3. Extended hardware support
In addition to smartphones, heylogin supports FIDO2 security keys, TPMs, and smartwatches as authenticators.

4. Brute-force protection across all platforms
Detailed explanations of iOS, Android, and FIDO2 key protections, including Secure Enclave, Titan chip, and other hardware-based mechanisms.

5. Protection even on unlocked devices
heylogin enforces a local re-authentication for security-critical actions, even if the device is already unlocked.

6. Convenience without compromising security
1-click logins, TOTP autofill, and an overlay that feels like SSO, but with true end-to-end encryption.

Security Is Not Optional

In an era where data breaches make headlines almost daily, we rely on an architecture that protects users even in the event of a server breach or device loss. Attacks against heylogin do not scale, unlike attacks on master-password-based systems.

‍

📄 Read the Whitepaper (PDF) here: heylogin Security Whitepaper 3.0

‍