Increased security through the use of Password Depot

Password management, true randomness, and secure data deletion.

Many companies and private users face the same question: How can passwords and other sensitive information be reliably protected and still used conveniently – including audit-proof deletion of data that is no longer needed and without unnecessary risks in relation to cloud locations?

Below, we show how Password Depot enables a high standard of security—from password management to strong encryption and secure password generation to final data deletion and secure storage locations.

Summary – the most important information first

  • Manage passwords centrally and securely: A password manager reduces reuse, promotes strong passphrases, and simplifies everyday operations.
  • Strong cryptography: Encryption according to AES-256 (FIPS 197) is considered a proven industry standard; the NSA recommends AES-256 in CNSA 2.0 for particularly sensitive systems.
  • Modern password rules: Long, unique passphrases instead of rigid complexity requirements; comparison against lists of compromised passwords; explicit permission for password managers (in accordance with NIST SP 800-63B-4).
  • Secure data deletion: Overwrite/crypto deletion methods in accordance with NIST SP 800-88 Rev.1; DoD 5220.22-M is historical; NIST recommendations apply to modern media.
  • Data sovereignty: With Password Depot Client & Password Depot Enterprise Server, you can choose your storage location—e.g., on-premises or EU hosting.

Efficient management of authentication data

The number of credentials users have to manage (passwords, user IDs, PINs) is constantly increasing. Sticky notes, spreadsheets, and passwords saved in the browser are commonplace in everyday life, but they are prone to errors and encourage password reuse. Specialist authorities such as the BSI and the UK's NCSC therefore recommend the use of a password manager: it generates strong passwords, warns of weak or compromised passwords, and makes it clear which credential belongs to which service. Sources: BSI, NCSC

Practical tip: Use a separate, strong password for each service and activate multi-factor authentication (MFA) wherever possible.

Maximum security for storage and access

Password Depot stores passwords and other confidential information (e.g., license keys, identity and payment data) in encrypted form. It uses AES-256 – a method standardized by FIPS 197; the NSA includes AES-256 in the current CNSA 2.0 suite. FIPS 197, NSA CNSA 2.0

The master password is the key to your database. It is not stored in plain text; instead, a value cryptographically derived from it is used during login. Modern guidelines require, among other things, strong password hashing methods with a salt, as well as rate limiting on the verifier side. NIST SP 800‑63B‑4
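The following added example (not Password Depot's code) shows the three verifier-side properties named above: a salted derivation, a constant-time comparison of derived values, and throttling after repeated failures. PBKDF2-HMAC-SHA256, the iteration count, and the lockout threshold are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000      # assumed work factor, not a product setting
MAX_FAILURES = 5          # hypothetical throttle threshold
LOCKOUT_SECONDS = 30.0    # hypothetical lockout window


def derive(password, salt):
    """Derive a 32-byte value from the password and a per-record salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               ITERATIONS, dklen=32)


def make_record(master_password):
    """Store only the random salt and the derived value, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "derived": derive(master_password, salt),
            "failures": 0, "locked_until": 0.0}


def verify(record, attempt, now=None):
    """Return 'ok', 'wrong' or 'locked'; lock out after repeated failures."""
    now = time.monotonic() if now is None else now
    if now < record["locked_until"]:
        return "locked"  # rate limiting: no derivation is even attempted
    candidate = derive(attempt, record["salt"])
    if hmac.compare_digest(candidate, record["derived"]):  # constant time
        record["failures"] = 0
        return "ok"
    record["failures"] += 1
    if record["failures"] >= MAX_FAILURES:
        record["locked_until"] = now + LOCKOUT_SECONDS
        record["failures"] = 0
    return "wrong"
```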

Important: Complexity rules (mandatory special characters, etc.) are considered counterproductive. We recommend long passphrases and checking against blocklists (frequently used/compromised passwords). Passwords should only be changed if compromise is suspected—not at fixed intervals. NIST SP 800‑63B‑4, NCSC: Three random words

Generating strong passwords – truly random, properly tested

Password Depot uses cryptographically secure random values to generate strong passwords. Entropy can be derived from unpredictable user interactions (e.g., mouse movements) and system sources to seed the random number generator with high-quality input. In addition, the generator checks the quality of each result (including dictionary and leak list comparisons) to prevent weak or already known passwords, in line with current guidelines for comparison against compromised values. NIST SP 800-63B-4

Recommendation: Use automatically generated passwords with a high length (e.g., ≥ 20 characters) or, where usability is critical, use long passphrases (e.g., three to four random words). NCSC background
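As an added illustration (not Password Depot's generator), the sketch below draws passwords and passphrases from the operating system's CSPRNG, rejects anything on a blocklist, and applies a length rule without composition rules. The alphabet, the small blocklist, and the 16-word list are constructed sample data.

```python
import math
import secrets
import string

MIN_LENGTH = 15  # minimum length taken from the page's passphrase advice
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
# Constructed sample data; real use needs a large leak/dictionary list and a
# word list with thousands of entries.
BLOCKLIST = {"password", "123456", "qwerty", "correct-horse-battery"}
WORDS = ["anchor", "breeze", "copper", "dragon", "ember", "falcon", "glacier",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nickel",
         "orchid", "pebble"]


def acceptable(secret):
    """Length and blocklist comparison only; no composition rules."""
    return len(secret) >= MIN_LENGTH and secret.lower() not in BLOCKLIST


def generate_password(length=20):
    """Random password from the OS CSPRNG, regenerated if blocklisted."""
    if length < MIN_LENGTH:
        raise ValueError("length below policy minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if acceptable(candidate):
            return candidate


def generate_passphrase(words=4, sep="-"):
    """Passphrase of independently chosen random words."""
    if words < 3:
        raise ValueError("use at least three words")
    while True:
        candidate = sep.join(secrets.choice(WORDS) for _ in range(words))
        if acceptable(candidate):
            return candidate


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(generate_password(), round(entropy_bits(len(ALPHABET), 20), 1))
    print(generate_passphrase(), round(entropy_bits(len(WORDS), 4), 1))
```

The word-list size dominates passphrase strength: four words from the 16-word sample give only 16 bits, while four words from a 7,776-word list give about 51.7 bits.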

Final data deletion – what really applies today

Password Depot provides methods for securely removing confidential files, including the widely cited DoD 5220.22-M overwriting (multiple passes). That method is historically significant, but for modern media (especially SSDs) the authoritative reference today is NIST SP 800‑88 Rev.1. It distinguishes between Clear, Purge (e.g., Cryptographic Erase, ATA Secure Erase) and Destroy and addresses device-specific procedures. NIST SP 800‑88 Rev.1

In practical terms, this means that HDDs can be securely wiped in many scenarios by means of documented overwriting (clear/purge); for SSDs, sanitize/secure erase or cryptographic erase are the preferred methods. NIST explicitly lists these options (including TCG/ATA commands). Details in NIST SP 800‑88 Rev.1

In plain terms: DoD 5220.22-M is more of a historical reference; in the US regulatory world, the NISPOM guideline (DoD 5220.22-M) has now been replaced by 32 CFR Part 117 (NISPOM Rule). The standard for deletion practices today is NIST 800-88. DCSA on the NISPOM Rule, NIST SP 800-88 Rev.1

Secure storage & data sovereignty with Password Depot

Password Depot offers organizations maximum flexibility: With Password Depot Client and Password Depot Enterprise Server, you decide where to store your data – e.g., completely on-premises (no third-country transfers) or in an EU hosting facility of your choice.

Legal context (EU↔US data flows): In 2020, the ECJ overturned Privacy Shield (Schrems II), and since then, additional measures have been necessary for transfers to third countries. In 2023, the EU Commission issued the new EU-US Data Privacy Framework (DPF), which was confirmed by the EU Court in 2025 – a certain degree of legal certainty exists, but legal debates are still ongoing. Those who choose storage locations independently (e.g., on-premises or EU hosting) minimize dependencies. ECJ C‑311/18, EU Implementing Decision 2023/1795, Confirmation 2025

Final considerations

Security is not a one-time project, but a process. Password Depot helps you generate strong credentials, store them securely, use them in a controlled manner, and—if necessary—delete them permanently. Combined with clear policies (MFA, passphrases, regular checks for compromised passwords, NIST-compliant deletion processes), you can achieve a robust, practical level of protection.

Can be implemented immediately

  • Choose a long master passphrase (e.g., ≥15 characters or three to four random words).
  • Use a password generator; do not reuse passwords; enable MFA.
  • Allow “paste” in login fields & use password manager autofill (policy adjustment).
  • For deletion, apply and document NIST 800-88-compliant procedures for each medium (HDD/SSD).
  • Strategically determine storage location (on-premises/EU hosting) – minimize data flows.