Data Security and Shards

How Bron keeps your data protected.

Updated this week

1. Bron Account

Bron doesn't support passwords. Logging in to your account using only a passkey offers a significant boost to data protection. Unlike traditional passwords, passkeys are based on strong cryptographic authentication and are never reused or stored in a way that can be easily stolen or leaked. When you log in with a passkey, your credentials are encrypted and securely stored on your device, making them resistant to phishing and brute-force attacks.

Passkeys are stored differently depending on your device, operating system, and preferences. You can store them using your OS’s native tools, a password manager, or a physical security key. They are always protected by strong encryption and, often, biometrics.

  • Apple devices: Passkeys are saved in iCloud Keychain, encrypted end-to-end, and synced across your Apple devices. To use a passkey, you confirm your identity with Face ID, Touch ID, or your device PIN — your biometric data never leaves the device.

  • Windows: Passkeys are stored locally with your Microsoft account and protected by Windows Hello, which uses biometrics (like facial recognition or fingerprint) or a PIN. Some synchronisation is possible with Android/iOS through Microsoft Authenticator.

  • Password managers (like 1Password, Bitwarden, Dashlane): Passkeys can also be stored in secure password managers, protected by your master password and, in many cases, biometric authentication.

  • Physical security keys (like YubiKey): Passkeys can be stored directly on hardware devices such as YubiKey. These are not cloud-synced and are tied to the physical device, making them extremely resistant to remote attacks. To use a passkey on a YubiKey, you need to physically insert the key and unlock it with a PIN or, on some models, a fingerprint scan. YubiKeys can store a limited number of passkeys, and the credentials cannot be copied or exported, providing maximum security for sensitive accounts.

2. Security

The Security section is organized into three tabs: Authentication, Reset PIN for Hidden Accounts, and Active Sessions.

2.1. Authentication

Passkeys are the primary way to log in to Bron. They use your device's biometric authentication (fingerprint, face, screen lock) or a hardware security key; no password is required.

In this tab you can see all passkeys registered to your account, including the name, creation date, and when each was last used. You can add new passkeys, edit existing ones (for example, rename them), or remove passkeys you no longer use.

If you're setting up Bron on a new device or need to add a mobile login separate from your desktop, add a new passkey from that device. Each device needs its own passkey registered.

Second-Factor Authentication (2FA) adds an extra layer of protection on top of your passkey. You can enable a one-time password (OTP) for your account in this same tab.

2.2. Reset PIN for Hidden Accounts

Hidden accounts are protected by a separate PIN. If you've forgotten that PIN, you can reset all hidden account PINs at once from this tab. Doing so will unhide all hidden accounts and clear their PINs so you can set new ones.

2.3. Active Sessions

This tab shows all devices currently logged in to your Bron account. Each entry displays the device type, app or browser, IP address, and online status.

Sessions are split into Current (the device you're using right now) and Other (any other active sessions). You can log out individual sessions, or use Log out all other sessions to revoke access from every other device at once, which is useful if you suspect unauthorized access or have lost a device.

3. Shards

Bron combines hardware-level security, industry-standard encryption (ECIES, RSA, HPKE), and distributed storage to keep your crypto assets safe — even in emergency situations. Here’s how it works:

3.1 Shards Instead of a Private Key

Instead of a single vulnerable private key, Bron generates three pieces called shards:

  • Shard 1 is stored on your device.

  • Shard 2 is stored in Bron’s secure infrastructure.

  • Shard 3 is stored in the trusted third party’s secure infrastructure.

Any two shards are enough to sign a transaction. Even if one shard is compromised, your assets remain safe.
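
The 2-of-3 property described above can be illustrated with Shamir secret sharing. This is an added example, not Bron's code: the page does not say which threshold scheme Bron uses, so Shamir sharing, the field prime `P`, and all function names are assumptions chosen for illustration.

```python
import secrets

# Assumption: a prime field larger than a 256-bit key (2**521 - 1 is prime).
P = 2**521 - 1

def split_2_of_3(secret):
    """Hide `secret` as the y-intercept of a random line; shards are x = 1, 2, 3."""
    if not 0 <= secret < P:
        raise ValueError("secret must be in [0, P)")
    slope = secrets.randbelow(P)  # uniform slope: one point says nothing about y(0)
    return {x: (secret + slope * x) % P for x in (1, 2, 3)}

def recover(shards):
    """Lagrange-interpolate the line at x = 0 from two or more shards."""
    if len(shards) < 2:
        raise ValueError("one shard is below the threshold")
    total = 0
    for xi, yi in shards.items():
        num = den = 1
        for xj in shards:
            if xj != xi:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def slope_explaining(x, y, candidate):
    """Slope that makes a single shard (x, y) consistent with ANY candidate secret."""
    return ((y - candidate) * pow(x, -1, P)) % P

if __name__ == "__main__":
    # Constructed sample key, not real key material.
    key = int.from_bytes(b"constructed sample key material!", "big")
    shards = split_2_of_3(key)
    for pair in ((1, 2), (1, 3), (2, 3)):
        assert recover({x: shards[x] for x in pair}) == key
    # Someone holding only shard 1 cannot rule out any other key:
    wrong = (key + 1) % P
    a = slope_explaining(1, shards[1], wrong)
    assert (wrong + a * 1) % P == shards[1]
    print("any two shards recover the key; one shard fits every candidate")
```

Note that `recover` rebuilds the whole key in one place, which threshold-signing protocols are designed to avoid; the page does not state which approach Bron takes.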

3.2 How Shards Are Created and Encrypted

  • Generation: When you create a wallet, you, Bron, and the third party establish a secure connection through the Bron app.

  • Encryption: Each shard is encrypted before it’s stored. Bron uses the HPKE standard — a modern hybrid encryption method that combines symmetric and asymmetric encryption for maximum security.

3.3 Where and How Shards Are Stored

  • On Your Device (Shard 1): The shard is encrypted with an HPKE key, and that HPKE key is in turn encrypted by one of the hardware encryption systems available on the device:

    • Mac: Apple Secure Enclave (a hardware chip in your Mac) with the P-256 algorithm and ECIES. This acts like a digital signature that cannot be forged.

    • Windows: TPM 2.0 (a hardware security module) using RSA-2048 and OAEP. Access is only possible through Windows Hello (biometrics or PIN).

  • In Bron’s Infrastructure (Shard 2):
    Stored in a database and encrypted with a key held in an HSM (Hardware Security Module), a specialised, physically isolated server. The shard is encrypted with RSA-4096, one of the most secure encryption standards.

  • With the Third Party (Shard 3):
    Stored in similar secure infrastructure with the same level of encryption (RSA-4096). Bron does not have access to this shard.

3.4 Why Is This Secure?

  • Hardware protection: Secure Enclave and TPM 2.0 make it virtually impossible to extract the encryption keys and obtain the shard, even if the device is compromised.

  • Hybrid encryption: HPKE and RSA-4096 protect shards both in transit and at rest.

  • Decentralisation: Neither Bron nor the third party can access your wallet alone — at least two shards are always required.

If you have questions, contact our support team via messenger on the Bron platform or by email at support@bron.org.