Password encryption
Hackers try to steal passwords in order to access your personal data or e-wallets. It is best to encrypt your stored passwords, so even if hackers manage to steal them, they won't be able to use them.
Password encryption in Yandex Browser
The password vault is encrypted using the AES-256-GCM algorithm, which uses a key. The AES-256 algorithm is considered reliable: the Department of Homeland Security in the USA recommends using it to protect Top Secret data.
However, even the most complex encryption algorithm will not protect your passwords if a hacker finds the encryption key. The master password lets you use very powerful encryption for the key.
The key is encrypted using the master password.
The master password is not stored on devices, so it can't be stolen. With a master password, you don't have to worry about:
- Theft of the passwords stored on your smartphone.
- Losing passwords if your smartphone is lost or stolen.
- Synced data stored on Yandex servers (the encryption is set up so that even Yandex cannot decrypt your passwords).
This option is less reliable due to the following risks:
- Anyone who opens Yandex Browser for Mobile on your smartphone can view your passwords in the manager.
- Your encryption key is protected by your operating system, rather than a master password. If hackers access to your phone, they can steal and decrypt your passwords.
- Yandex can access your passwords during syncing.
To learn more about password encryption, see Password encryption in Yandex Browser.
Master password
A master password provides an additional level of security for your passwords. After you create a master password, the browser will request it when you attempt to open the password vault or enter a previously saved password in a login form.
Instead of a huge number of passwords from websites, you will only have to remember one master password. Passwords from websites will also be more secure. Access to the vault is locked by the master password, which cannot be stolen, because it's not stored on devices.
Create a master password
To create a master password:
- Tap
→ 
. - Under Passwords and cards, tap Settings.
- Tap Create master password.
- Enter the master password. We recommend using passwords that are complex but easy to remember.
- Tap Create.
- Then re-enter the password to confirm.
- Tap Create.
Now you can save website passwords in your browser and your password manager will only be accessible if you enter your master password. The master password you created is not saved on the smartphone or on the server. Only a key encrypted with it is saved.
Change the master password
To change the master password:
- Tap → .
- Under Passwords and cards, tap Settings.
- Tap Change master password.
- Enter your current master password and tap Continue.
- Enter your new master password. We recommend using passwords that are complex but easy to remember.
- Then re-enter the password to confirm.
After that, the key encrypted with the master password is re-encrypted and synced with your other devices at the next sync. The master password is not saved on your smartphone or on the server.
Delete master password
- Tap → .
- Under Passwords and cards, tap Settings.
- Tap Delete master password.
- Enter your current master password and tap Continue.
After that, the browser will no longer request your master password to access passwords. At the next sync, the master password will be deleted from other devices.
Time to block storage
You can change the time after which the browser blocks access to the password vault and requests the master password when someone attempts to access it:
- Tap → .
- Under Passwords and cards, tap Settings.
- Tap Confirm access when filling in saved passwords.
- Enter your current master password and tap Continue.
- In How often, select one of the options: After restart, After lock screen, or Never.
If you forget your master password
In this case, the only thing you can do is delete the passwords in storage and re-create the master password:
- In the entry dialog where you enter your master password, tap Forgot password.
- Tap Delete passwords.
- If you have a passcode on your smartphone, enter it here.
- Re-create your master password
Passcode, Touch ID, Face ID
To avoid entering the master password every time you unlock your smartphone, lock the device using one of the conventional methods instead (passcode, Touch ID, or Face ID). Your passwords in storage will still be encrypted with the master password. Each time you unlock your device, the browser will restore your master password and then decrypt the password vault.
If you delete your master password, the browser will no longer ask for your passcode, Touch ID, or Face ID.
To change the password unlock method:
- Tap → .
- Under Passwords and cards, tap Settings.
- Tap Confirm access when filling in saved passwords.
- Enter your current master password and tap Continue.
- In the Confirmation method section, select the option you need. The available options depend on your smartphone model.
If you can't find the information you need in Help or you are having issues with Yandex Browser for Mobile, please describe your actions step by step. Take a screenshot if possible. This will help our support specialists quickly find a solution for the issue you're experiencing.
→ Advanced → Report problem or fill out the form.