SafeInCloud Review 2019

SafeInCloud is a proprietary password manager that has become popular with a growing number of Windows, Android, and iOS users. The free version has been downloaded from the Play Store over one million times with an average rating of 4.4. The premium version has over 100,000 installs with an average score of 4.8. Those are impressive scores, so what is drawing consumers to use this password manager? But, how does this password manager compare the competitors such as Google Drive, Dropbox, and OneDrive? We find out in this SafeInCloud review. 

SafeInCloud website

SafeInCloud was first launched in 2012. The password manager was developed by Andrey Shcherbakov and the closed source software is copyrighted to that individual. Although we do not know definitively, the availability of an extension for Yandex (a rarity) suggests that Shcherbakov is a Russian national.

The password manager is said to be easy to use, and it would appear that it is this and the ability to upgrade for a one-time fee (rather than with a yearly subscription) that entices people into purchasing the pro version. So, is it worth using the free version? And should you consider the paid upgrade?

Overview

SafeInCloud is a software solution that allows internet users to store multiple robust passwords without having to physically remember them. Users of SafeInCloud can remember just one master password to access any number of long unique passwords. Those passwords are stored locally on the user’s computer or mobile device, meaning that they are never stored online where they could be hacked.

SafeInPassword is available for all popular platforms, with software available for Windows, Android, iOS, and Mac. However, no Linux version is available at the time of writing and according to the website, there are no plans to develop it anytime soon. 

SafeInCloud also provides extensions for Chrome, Firefox, Safari, Opera, and Yandex. These extensions allow people to seamlessly import their passwords from their locally encrypted repository to autofill passwords on the Internet. 

The service can be used on any of those platforms for nothing, and that free software will permit you to save as many passwords as you wish. However, users who fall in love with the service and want a little extra can pay a one-time fee to upgrade to the “Pro” version. 

Users can purchase pro for iOS or Android at a cost of $7.99.The pro version lets the user share the password manager across five devices so that other team members can access the passwords.

Individuals can upgrade to pro either by lining it to an Apple ID or a Google account. The individual upgrade costs just $4.99. These prices are extremely affordable considering that they are one-time fees. 

It is worth noting that users get access to pro features within the first two weeks of downloading the apps. After that users will need to pay to keep using those features. The pro features that will disappear are listed below (taken directly from its knowledge base):

  • Cloud synchronization
  • Unlimited card storage
  • Website icons for cards
  • Password generator
  • Image attachments
  • Fast unlock
  • Login with fingerprint
  • Copy to the Notification panel
  • Auto-fill in Chrome
  • Empty clipboard by timeout
  • Android Wear app

Setup

Getting the SafeInCloud password manager set up and working is easy no matter which device you have. The Windows version can be downloaded directly from its home page. The Mac, iOS, and Android versions can be downloaded from the respective app stores.

We tested the Windows and Android versions in order to use features such as cross-device syncing. The desktop app downloaded and installed extremely quickly using a wizard. The installation included a Terms of Service agreement, which is extremely concise and makes everything about the service clear.

With the installation complete, simply auto-start the software to start using the password manager. The first option you get is to either start a new database or restore a previous database from the cloud (if you previously backed it up using a cloud storage service such as Dropbox). We opted to create a new database which meant that we had to input a master password. 

 SafeInCloud database set up

SafeInCloud operates with zero-knowledge of passwords or data. It is for this reason that it can provide the service for free (or at extremely low cost). Because all your password and data is stored locally and only you have control of your master key - it is essential that you do not lose this password. If you do lose it, you will not be able to recover your account under any circumstances.  

database created SafeInCloud

On Android, we accessed the app directly from the Google Playstore. The app installed in under 5 seconds. In order to set this client to be synced to the desktop version, it is essential to click the Restore data from a cloud option. This requires you to have set up your desktop version to work with a cloud service such as Google Drive. 

Setting it up is easy in the software because it is the first thing that the software asks you to do. Select the option you prefer and click authenticate. If you (like us) prefer not to use a cloud service you can import contacts via CSV, TXT, or XML file. You can also import passwords directly from a massive choice of password managers. To do so simply click file > export and select your preferred option.

syncincloud export values

Once the CSV has exported simply copy it over to your other device using a USB cable os SD card. We used this method and managed to import the CSV contacts we exported both from KeePass and the desktop version of SafeInCloud. For most people, however, the option to save the encrypted passwords is going to be a massive blessing that means they can recover passwords if they should happen to lose their device. 

Features

  • Very easy to use with cross-device synchronization
  • Apps for all popular platforms (no Linux)
  • Dark AMOLED black theme
  • Strong Encryption (256-bit Advanced Encryption Standard)
  • Cloud Synchronization (Google Drive, Dropbox, OneDrive, Yandex Disk, NAS, ownCloud, WebDAV)
  • Fingerprint login
  • Autofill in Apps (Android 8+)
  • Browser extensions
  • Android Wear App
  • Password Strength Analysis
  • Password Generator
  • Automatic Data Import
  • Cross-Platform

Ease of Use

SafeInPassword is easy to look at on all platforms, and because the software is near identical across platforms there is a very small learning curve. Automated prompts that encourage you to backup to the cloud make this extremely easy to get going on multiple devices.

While the service is primarily designed to keep passwords completely secure with local storage, users also get the option to store their encrypted passwords on a cloud service of their choice (OneDrive, Yandex Disk, Google Drive, Dropbox etc).

Once it is up and running, and has synced across devices using the Cloud, you are free to start inputting, creating, or auto-filling passwords. We decided to test auto-filling passwords in Chrome and installed the extension for this purpose. 

The extension asks you for your password and from that point on begins to autofill passwords from the desktop app. To import those passwords simply go to any page with a login and click the extension icon next to the URL bar. We genuinely found this feature to work extremely well and were impressed with the simplicity of the process. This password manager is definitely suitable for beginners.

With password autofill working, we decided to move onto testing a few other features. We particularly liked the auto-lock feature, which ensures that if you close the app window, it will lock and require the password. We set this to one minute. 

We also set it to lock when it is in the background (just in case we accidentally forgot to minimize it). These security features are extremely useful for ensuring that your passwords aren’t available if you are away from your screen.

The automatic password generator is good for people who tend to stare at their screen when they are asked to come up with a strong password. However, the generator isn’t the best one we have ever seen. The ability to make passwords only 31 characters long seems a bit short and because your password manager will be remembering your passwords we see no need for them to be memorable. However, it is a useful feature, nonetheless.

For those who like to be able to autofill their card details when shopping online, the option is there to do so. Users also have the ability to save encrypted Notes and various different data types. Autofill can be enabled or disabled for each type of data depending on its sensitivity and whether you require autofill or not. 

Overall, SafeInCloud keeps things simple and sticks to doing what it is supposed to which is remembering passwords and autofill data. While it may not be as feature-packed as some other services, it definitely does everything we would hope from a password manager, and because this is both cheap and easy to use; it is a service that is well suited to beginners and which may be desirable to anyone who wants cross-platform functionality with solid autofill capabilities. 

Privacy

Because this service functions in a zero-knowledge manner, there should be little to worry about in terms of privacy. However, SafeInCloud is closed source which means that you do have to trust the privacy and security levels it claims to provide.

In theory, storing passwords locally with a key that only you know means that you do not need to trust anybody else. If you create a backup on a third-party cloud service, you do increase the risk of your passwords being hacked. However, SafeInCloud always uploads those passwords in an encrypted format, which means that if someone were to steal your backup, they would also need to know your master password to access the data. As long as you create a strong password in the first place, this should not be possible. 

The privacy policy itself is brief, and it is not technically GDPR compliant (because it doesn’t specifically mention GDPR and people’s rights). However, the policy does make it clear that:

“The Application does not collect any personal information and does not transfer any personal information to any 3rd party. The Application may transfer anonymous usage statistics and crash logs to the Developer. This transfer can be switched off in the Application’s settings (About > Privacy).”

For the truly privacy-conscious, it may be worth switching that minimal amount of logging off.

The policy also states that:

“The data are always being stored and transferred via the Internet in an encrypted form. The Application does not send user data to anyone else.”

This is in keeping with the localized nature of storage that SafeInCloud uses, and we have no real reason not to believe the service works as it claims. However, as is always the case when the software is not open source, the clients can not be audited by any third parties and it is impossible to verify its claims.

Security

All passwords that are stored on your hard drive by SafeInCloud are first encrypted with strong AES 256. This is considered military-grade encryption, which means that your password files are robust enough to withstand being cracked long into the future (using currently understood methodologies). 

If you decide to create a backup of your passwords on the cloud, the passwords will be in an encrypted format, and they will be transmitted to the service using HTTPS. Thus they will be secure both at rest and during transit. 

We checked SafeInCloud’s website using Qualys SSL Labs to see how its TLS fared and were sad to find that it only got a B. This is a low score. However, because you never actually transmit any important data (the passwords) from the software to those servers anyway, it should not be an issue. 

On the other hand, the service is closed-source so it could be doing anything (including sending your AES keys back to SafeInCloud entirely unencrypted). If that were the case, poor SSL security could allow those keys to be stolen by any third party using a Man in the Middle attack. 

Customer support

 Anybody with a question for customer support will need to contact the firm using the email address provided on its website. The firm claims to answer those requests within two business days. This is not the fastest customer service available on the market, however, as the service is free (and extremely low cost even if you pay) it could be considered commendable that it manages to answer queries at all. 

What’s more, the service does have a very well rounded Knowledgebase with lots of guides and articles that answer most if not all the FAQ you may be able to think of. For this reason, the vast majority of people should be able to get the password manager working without any trouble. 

However, for anybody who wants a password manager with well-manned customer service, it may be better to look elsewhere.

Conclusion

If a password manager that is easy to use and costs a very small one-time fee is what you want, SafeInCloud seems like an excellent option. The fact that passwords are never transmitted to company servers is a plus, and retaining full control over your keys is excellent. The software is easy to use on all platforms and the synchronization feature is set up to work with ease

Although it isn’t exactly oozing with extra features, this password manager does more than just manage passwords. The ability to generate strong passwords is cool, and the autofill feature works seamlessly once you install an extension. This is not always the case, which just goes to show that this is well-written software.

The closed source nature of the code is definitely a disappointment because it does mean that you have to trust the service to protect your data as it claims. However, for most people, this password manager may well provide the level of security they need. 

We could presume that the developer decided to keep it closed source simply to stop it being cloned, but it nevertheless creates a trust problem. Anybody who wanted to could test SafeInCloud’s claims by analyzing all their traffic using WireShark. This would allow them to see if the password manager was transmitting data back to its servers when it shouldn’t be. However, this would need to be a long-term project, because the software could send data back at any point.

Finally, this is without a doubt one of the easiest password managers we have ever used, and for this reason, we can recommend it to beginners. 

Written by: Ray Walsh

Digital privacy expert with 4+ years experience testing and reviewing VPNs. He's been quoted in The Express, Barrons, the Scottish Herald, ThreatPost, CNET & many more. Ray is currently rated number 1 VPN authority by Agilience.com.

0 Comments

There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.