When you access Tresorit via a browser, your password and data remain protected with end-to-end encryption (E2EE). Your credentials never leave your device without encryption, ensuring that only you can access your account and data.
Sign-in
If no active session exists, you'll be redirected to the Web Access login page. Tresorit verifies your password using a secure challenge-response protocol. Once confirmed, your encrypted profile is delivered to your device.
ℹ️ If you sign in with Single Sign-On (SSO), see the SSO security considerations.
Unlock your data
Your profile is decrypted locally on your device using either the password you entered or the secret obtained via SSO. From this, your device generates 4096-bit RSA certificates, which are sent to Tresorit servers for signing with SHA-512. Once validated, you're logged into the web client with a fresh device certificate, and with your encrypted profile on the device, you can access all your files securely.
ℹ️ See how passwords are secured in Tresorit.