One of the biggest problems on the internet is credential stuffing attacks. In these attacks criminals use passwords gained from websites that were previously breached to gain access to new websites. According to the Wikipedia list of data breaches over 2.7 billion identity records with 21 million unique passwords was offered for sale in 2019. This means that if you reuse passwords or manually create them you are likely to get hacked. The most practical way to prevent password reuse and to automatically create strong passwords is a password manager.
While using a password manager is a great way to keep yourself safe only 6.8% of people was able to provide the name of a secure password manager application and 59% use the same password everywhere. At Tilig it is our mission to make people more secure online and we think there are two things that need to change to get most people to use a password manager:
Read along to see how Tilig achieves both.
If you use a traditional password manager like 1password you are asked to:
If you lose either your master password or the paper are at risk of losing all your passwords. We don't think that is easy to use. With Tilig there is no master password so it is much easier to use.
There is no master password in Tilig because we only use server side encryption of passwords and don't do client side encryption. The advantage is that Tilig is much easier to use, you don't need manage a master password. The first potential downside is that if attackers breach Tilig and get our encryption keys they can get all your passwords. This is why we are trying to keep Tilig secure from attackers, similar to business password services that use server side encryption like Okta. The second potential downside if that criminals get access to your Google or Apple account they can access your passwords. We think that in most cases getting access to such a crucial account would allow an attacker to get access to your accounts anyway, for example by resetting passwords via Gmail.
Because Tilig relies on your Google or Apple account we save significantly on our costs:
That is why Tilig is a free service without a monthly subscription fee. In the future we might charge for business accounts or introduce additional services like virtual credit cards or virtual phone numbers to make people more secure online.
The following details are meant for giving an idea of our appreach to keeping your data secure, some of it might be out of date or inaccurate.
We want your feedback, send us an email with any and all feedback!