Most sites store a password with your account information. When you log in, the site compares what you entered with what is in the database, and if they match you are logged in.

The data in the database is not encrypted, or its encrypted using an algorithm common to all data on the site, the site relies on the fact that you logged in to ensure that no-one else can see your private data.

Many sites encrypt the password, using an algorithm common to all passwords on the site, so that should an external bad person gain access to the database they will not be able to read your password. (some do not)

But remember, most site breaches are inside jobs

At 3rdKey.com, we go one step further. We do not store your password at all.

Instead we keep all of your data encrypted using the two keys you provide when you log in. Two keys that we don't know. We can't decipher your data without your keys, and only you know them.

That's worth repeating, we can not read your data without the keys that only you know.

Insiders can't get to your data.

Here is a list of things we do not encrypt, these are things insiders can read, and if our data is released, this is your level of risk.

• User ID
• User Name
• Number of log in failures (in a row)
• The date your account expires
• Whether or not you want to see instructions on every page
• The minimum length of new passwords we generated the last time we generated one for you
• The maximum length of new passwords we generated the last time we generated one for you
• Whether or not to include special characters the last time we generated a password for you
• The date and time the record was added to the database
• The date and time the record was changed in the database

• First Name
• Full Name
• Email address
• Mobile phone number
• Reminder text
• Anti-Phishing Phrases