Synology just launched their C2 Password on 22 July 2021. Synology C2 is a suite of cloud services (by Synology, of course), designed to meet the storage, password management, secure file sharing, and backup needs of home users, prosumers, professionals, and businesses. Besides C2 Password, C2 Storage has been available for a couple of years if I did not remember wrongly. The rest of the Synology C2 suite, C2 Backup, C2 Transfer, and C2 Identity, are still in the “Coming Soon” stage according to the Synology C2 site. Synology C2 is designed with 3 key principles in mind,
- Trusted Cloud Infrastructure: Data storage security supporting both server-side encryption and also client-side encryption via private keys that never leave your device.
- Compliance and Privacy: Colocated data centers that pass stringent and rigorous inspection and certification (ISO 27001 and SOC 2 Type II) for security procedures and physical safety features.
- Data Residency: Data centers in the USA, Germany, and Asia (coming in 2021) to ensure data is stored exclusively in the country of choice of the customer.
Introduction to C2 Password
C2 Password is Synology’s answer to the demand for credential management products. Other products on the market include 1Password, LastPass, or BitWarden. The key purpose of C2 Password is to provide credential management from any platforms and devices, and secure sharing of files, all done in the highest security standard available today. Let’s take a quick look at the features/components of C2 Password:
- My Vault: This is the main dashboard/landing page of C2 Password whereby all the items of the credential management are listed and organized. These items are securely kept in Synology’s C2 Cloud and made available (and synchronized) on various platforms including its web portal, web extensions on supported browsers such as Chrome and Edge, and also on iOS and Android Apps in the near future. The types or categories of items that C2 Password’s credential management can support will be shown later.
- Password Generator: This is where C2 Password can help to suggest and generate passwords with customizable lengths and strengths to meet each user’s needs. Another feature of the Password Generator is the generation of time-based one-time passwords (TOTPs) for websites and other services that require 2 step authentication.
- File Transfer: This allows the sharing of files securely with a target group of recipients via a time-limited URL and support for a limited number of downloads and also watermarking of the shared file.
- Platform Security: The C2 Password Platform is protected using end-to-end RSA-2048 and AES-256 standards and this encryption is always done on the user’s devices. This zero-knowledge design guarantees that all your data is always encrypted before reaching the Synology C2 Cloud. and hence even the C2 Password is not able to decrypt the contents. Login to C2 Password platform support 2FA for strong authentication to the contents. For more information on how the C2 Password Platform is designed with security in mind, you can check out the white paper released by Synology on this topic.
Here are some feature comparisons between C2 Password and the other credential management products on the market based on the best available information on the respective websites*.
For more information on C2 Password, the help and FAQ can also be found here.
Registration and Setup
To use C2 Password, first, you will need to register for an account/login and also set up the browser extension (Chrome in my case). Let’s take a step-by-step walk-through of this process.
After registration and setup of the browser extension, let us take a quick look at the different categories of credentials supported by the C2 Password vault. So far, I have only tried the Login and Secure Note. For the rest, I suspect they are more for secured storage on Synology C2 Cloud for now.
Secure File Sharing
After looking at the credential management, let’s have a go on how to use the secure file sharing feature of C2 Password.
The recipient upon clicking on the URL will be shown a C2 Password website asking to key in their email access. Note that the email will not be automatically populated just in case the link falls into the wrong hands.
What if I have somehow gotten the shared link and reached the website asking me to key in the email address? No worries, if the email account is not part of the recipient list, the Access Code will not be sent.
Currently, the C2 Password is still very new and infant. Features such as My Vault, Password Generator, and Secure File Transfer certainly do serve and work according to what they are supported to do. However, I did find some areas in the usabilty that I thought could have been made more user friendly. For example, if I can directly navigate and log into the website that I wish to access just clicking on the item in the list on the C2 Password Chrome Extension, instead of clicking through the steps shown below. Also, some how, the Password Assistant that pop out on login input fields seems to be “fighting” with that provided by Chrome. These are some of the things that would help to improve the user experience of C2 Password for sure.
To access and log in to any of the website accounts you set up in C2 Password, I would naturally click on the C2 Password Chrome Extension icon. It shows the list of accounts but it only allows me to copy the username or password.
Clicking on the down arrow reveals more details on the account. Only clicking on the highlighted icon next to the URL will launch the website you want to access and log in. Clicking on the URL itself triggers no action too.
C2 Password is Synology’s answer to the world’s demand for credential management products. After about one week or so of using it, I can say that is it is working as per what it suppose to do. I have been using the C2 Password as a password manager more than anything else. Though there are some areas of improvement for a better user experience, I am comfortable with using it, with no difference from the other credential management products. Since C2 Password is able to support various categories of identity data in My Vault, I was hoping that more integration features between these categories and other Apps or settings can be made available by C2 Password. For example, the fields and data captured in the Email Account item can automatically configure the email client on my new laptop, or, the WiFi Router item can be used to configure routers or WiFi settings on new devices in my network.
Currently, C2 Password is still free but there seem to plan for Synology to make it into a paid service. However, with the other popular services such as 1Password, LastPass, and even BitWarden starting to charge for more features and device synchronization, Synology C2 Password is certainly giving these a run for the money. Give C2 Password a try and let me know your views in the comments below.