Skip to main content
US flag An official website of the United States government

How keeps personal information private encrypts the sensitive personal information of each user separately using a unique value generated from each user’s password. Our encryption method works like a safe deposit box in a bank vault. Only the user has the key. Only the user can open the box to reveal the contents. Only the user knows the password, and only the user can decrypt their information.

The vault

It’s hard to break into the “vault” or database. implements the latest National Institute of Standards and Technology (NIST) standards for secure authentication and verification. Our plans for ongoing security include regular penetration testing and external security reviews.

The safe deposit box

Individual accounts get a double layer of security. We require two-factor authentication as well as strong passwords that meet new NIST requirements. two-factor authentication requires that you login with your password and a code that we send to your phone.

We will evaluate and implement new authentication methods as they become widely available to make sure that remains accessible and secure.

Your personal key

Encrypting personal data separately means that cannot share any sensitive information with other government entities without users’ permission. Not even database administrators can decrypt a user’s personal information without the user’s password.