Hardware password manager to protect against phishing and malware

SecretPad stores your passwords and credit card numbers in the protected memory and submits them directly to the remote server. Your passwords and card numbers are never entered from the keyboard, they are not displayed on the screen and never even get to the computer memory which makes it impossible to be intercepted by a spyware. To prevent such attacks as Man-in-the-Middle and Phishing, SecretPad establishes a direct encrypted channel to the bank’s server after verifying its certificate.


Secure keypad for safe input of passwords and one-time codes

Many banks offer their customers one-time passwords (OTP) or transaction authentication numbers (TAN) as an additional security measure. One-time password may be received as an SMS from the bank, from a scratch-card or even generated by a hardware security token but it may still be easily stolen while being entered into the computer and sent to a hacker instead of the bank. To solve this problem SecretPad offers a special keypad for secure input of one-time passwords which it sends directly to the bank’s server.


Trustscreen for tamper detection and prevention of fraudulent transactions

Cyber criminals may steal money from your account by changing transfer amount and beneficiary account information at the time payment data being sent to your bank. SecretPad allows you to see the exact details of the payment which your bank will receive by displaying them on a special trusted screen which is protected from any harmful programs on your computer. With SecretPad you may detect tampering easily and prevent the fraudulent transaction by cancelling the submission of a payment order to the bank.


How SecretPad works

Step 1

User opens bank’s website in his browser. At this moment two HTTPS connections are established: browser-to-SecretPad and SecretPad-to-server.

Step 2

User submits logon form without entering his password and browser sends HTTP request containing username only. The request is routed via SecretPad by the proxy.

Step 3

After user's confirmation SecretPad substitutes password from internal storage into the HTTP request and submits it to the server using direct encrypted connection.

Technical specifications

Advanced cryptochip for secure password storage and traffic encryption

  • High-performance 32-bit RISC core
  • Analysis-resistant cryptography engine
  • On-chip secure memory
  • Sophisticated tamper-detection technology with rapid key destruction
  • True hardware random number generator
  • Meets FIPS 140-2 Level 3 requirements

Dedicated touchscreen for trusted data display and secure entry

  • 2,4-inch diagonal touch-sensitive display with 240x320 pixel resolution
  • LED backlight
  • IPS technology

Supported protocols and algorithms

  • TLS version 1.0, 1.1 and 1.2 with RSA (up to 2048 bit) as the key exchange mechanism, AES or Triple DES for data encryption and SHA-1 for message authentication
  • AES-256 for internal memory and backup encryption

Additional features

  • PIN for protection against unauthorized usage
  • Support for multiple banking and financial sites simultaneously
  • Portable Mozilla Firefox on the virtual CD
  • Encrypted local and online backup of user’s passwords
  • Digitally signed automatic updates


  • Size: 66,5 x 47,0 x 8,5 mm
  • Weight: 32 g

System requirements

  • Personal computer running Windows XP SP3, Windows Vista, Windows 7, Windows 8 or Mac OS X 10.7 or later
  • USB 2.0 port
  • Internet connection

Sign up to stay informed

Follow SecretPad on social networks or sign up for email notifications.