Service Description

Terms of Service Service Description Privacy Policy

 

This Service Description sets out the attributes of some of the Services we may provide you from time to time. In the event of inconsistency, our Terms of Service take priority over the contents of this Service Description.

 

1. Future Pass

 

1.1. Where available on your operating platform:

1.1.1. A user can download the Future Pass App from the official App Store of their device platform, or create and maintain their account at www.futurepass.com.

1.1.2. To the extent permitted by law, we provide no representations or warranties as to the effectiveness of Future Pass in securing your data or preventing cyber-attacks.

1.1.3. A user can select a basic subscription or upgrade to premium for an additional fee.

1.1.4. Payment terms (if any) are set out at the time of download or within the Future Pass App or website.

1.1.5. When a user creates a Future Pass account, you set a password for your account (“account password”).

1.1.6. The account password should be long, strong and unique to your Future Pass account (i.e. not used for other accounts) to ensure that it cannot be easily guessed, or brute forced by a bad actor or cyber-criminal.

1.1.7. In order to detect / notify you of potentially compromised passwords, your account password and saved login details may be checked against known exposed passwords from previous third party data breaches, as provided by “Have I Been Pwned” API https://haveibeenpwned.com/API/v3#PwnedPasswords (Data Breach Detection Function). This occurs on your device to help preserve your privacy.

1.1.8. It is critical that you do not share your account password with anyone, including us, as the encryption process we use to keep your data safe in-part depends on only you knowing your account password.

1.1.9. Our password generator:

1.1.9.1. generates unique, random passwords based on the configured generator settings;

1.1.9.2. is configurable by the user, which may impact the overall quality of the generated password;

1.1.9.3. can generate passwords up to 128 characters in length.

1.1.10. Any password analysis (including the Data Breach Detection Function) or scoring:

1.1.10.1. is dependent on the accuracy and completeness of the data entered by the user;

1.1.10.2. analyses multiple characteristics of the password; and

1.1.10.3. is provided for informational and guidance purposes only and should not be solely relied upon.

1.1.11. The data that you keep in your secure storage (which may include notes, passwords, two factor codes and card numbers) is encrypted and decrypted on your device. If we need to transmit your encrypted storage data (such as between devices, or to the cloud), we encrypt your data a second time locally on your device before transmission, to further ensure that your data remains as secure as possible. We further encrypt data before its stored in our cloud.

1.1.12. We do not store or transmit your account password in its original plain text form. We instead use techniques such as ‘one way’ derived hashes.

1.1.13. A passcode must be set on the device to use the Future Pass App, as this provides a secure environment to store encrypted data.

1.1.14. “Secure storage” is where your saved notes, passwords, cards and two factor codes are encrypted and stored.

1.1.15. We use industry grade encryption to encrypt your data.

1.1.16. On iOS, we make use of the iOS keychain property “kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly”. This is considered one of the most secure properties offered by iOS.

1.1.17. As a result of this setting:

1.1.17.1. Your device must be unlocked for the data to be accessible

1.1.17.2. Only the Future Pass App can access the data

1.1.17.3. The data won’t be backed up to iTunes or iCloud, and cannot be restored on another device (making it extra secure)

1.1.18. If you remove the passcode from your device, the data will be automatically deleted from the device.

 

2. Phishing Alert

No longer available for new downloads

 

2.1. Phishing Alert is a web-based browser extension (plugin) that aims to detect, warn and teach you about common ‘phishing’ techniques.

2.2. To the extent permitted by law, we provide no representations of warranties as to the effectiveness of Phishing Alert in detecting common types of ‘phishing’ attacks.

2.3. The User installs the plugin from the official browser add-on sites. It runs at the top of their screen, and if it detects 1 of 4 types of ‘phishing’ techniques, it will redirect them to a “safe” page where it alerts them to the possible phishing attack, and breaks down the rationale.

2.4. Payment terms (if any) are set out at the time of download.

2.5. There are 4 common types of ‘phishing’ attack methods:

  • Data URI blocks

  • Script tags

  • HTML Tags

  • Large blocks of space

 

3. Additions to this Service Description

 

If we decide to change this Service Description, we will post the changes on our website. Please refer back to this Service Description to review any amendments.

Last updated January 14, 2021