Compliance

Idemeum is SOC 2 Type 2 certified. Monitored by Vanta.

Endpoint Control security

| Security control | Description |
| --- | --- |
| Logins with MFA | Every login is multi-factor, using a combination of biometrics and certificates. |
| FIDO2 protocol | The idemeum mobile app implements MFA based on the modern FIDO2 standards. |
| Distributed storage | Sensitive data, such as break-glass credentials, can be accessed offline on mobile and can be pushed to external systems. |
| Device recovery | When encryption keys are lost, recovery can be performed using the emergency key, or with approval by other technicians. |
| Device compliance checks | Device compliance is validated using the built-in security of Android and iOS and signing certificates before access to the idemeum portal is granted. |
| Multiple encryption layers | Transmitted data is encrypted multiple times: it is protected by transport layer security (TLS) and additionally by the user-managed transit keys (symmetric and asymmetric). |
| Hardware-backed storage | Mobile cryptographic keys are stored in StrongBox on Android and in the Secure Enclave on iOS. |
| API key encryption | Even when API integrations are enabled to perform automated actions on vault data, all encryption is performed with a security API key that is not persisted in the cloud. |
| Data security | Idemeum is designed on end-to-end encryption (E2EE) principles. When the desktop agent is installed, the encryption key is passed to and kept on the desktop. All sensitive information is encrypted with that key before it is sent to the idemeum cloud. The idemeum team cannot see information such as passwords and sensitive credentials, and even if the idemeum cloud is compromised, that sensitive information is not exposed. |