FAQ – Secure Fields

Information you enter into the Secure Field is encrypted in your computer before being sent to teamfocus. When the data comes back, it’s decoded by your computer to display again.
In order to do the encrypting, you need a key, which your computer creates and stores locally.

To allow others to see these Secure tasks (or for you to see the Secure tasks on other computers e.g. your home computer) you need to copy that key to the other computer.

Go to our How To section on Secure Fields to get a complete step by step guides to setting up Secure Fields.

The Secure Field feature only encodes one field at a time (you can make as many of these fields as you need).

If you lose your key, you will not be able to update the field or see any old data. If you have sent the key to another team member, they can send it back to you.
teamfocus also allows you to export your keys (or you can simply cut and paste them into a trusted system such as 1Password).

If you don’t have any copies of the key at all, you will not be able to access any of your old data. You can create a new secure field Via the “Change Workflow” function in the Settings menu and re-enter your data as required.
teamfocus stores your keys locally in your browser. If you clear your browser data it may delete your keys, so it’s very important to have a backup somewhere safe.

Your key looks like a bunch of letters in a long word (less than 100 letters and numbers). If you copy this from your “Key Manager” under the Settings menu, you can sent it to another team member and they will be able to access the data as well.
You can also export all your keys and share it via a USB Thumb Drive or even using a secure file sharing system such as BitTorrent Sync.

Your keys are automatically stored in your browser when they are created, but they should also be backed up in an application like 1Password.
As teamfocus is a team tool for managing tasks, having the keys available to other team members is important so they can view and update the Secure Fields. Sending the keys to another team member (who you would like to be able to access the Secure data) also means that there’s another copy of the secure key you can access if required.

You can create new keys in teamfocus by going to the “Key Manager” function under the Settings menu. If you then go to the “Change Workflow” function, you can make the field use the new key. (You can also create a new key in the Workflow Editor for convenience).
As history is stored on tasks, all existing data will still be stored on the task using the old key. Only changes going forward will use the new key.

teamfocus cannot update your old tasks as the keys are never sent to teamfocus servers.

Yes, you can use a single key to secure multiple fields, across multiple workflows and even multiple teams if required.

If you don’t have any copies on any computers, and don’t have a backup copy of your keys anywhere, you will be unable to read your data.
When you create your Secure Field, teamfocus strongly suggests you store your keys to a USB thumb drive or trusted application like 1Password.

No, we have no method of decoding your data. The main intention of Secure Fields is that if teamfocus is required to hand over your data (or a third party somehow gains access to our database) your data will still be safe. Without your keys it’s essentially useless data and your keys never get sent to teamfocus.

Without your keys, the data stored in teamfocus is unusable.

If you were to send your keys to team members via email, then the government agency would also need that email to be able to decrypt your data.
teamfocus suggests you store your keys with a system that you trust such as 1Password. You can also store keys on multiple USB thumb drives and lock them in a safe.
Using the teamfocus Key Manager, you can easily export all stored keys so there’s just a single small file to backup.

You could store some information in it just to ‘make sure’ someone else can’t see the data. For example, if you share a set of teamfocus Lists with a customer and use field level permissions to control what they see, encrypting the data would mean that if you forgot and changed permissions later, they still would not be able to see the data. This is sort of a ‘belt and braces’ approach to security.

The encryption used is AES256 which is an extremely strong and robust encryption. It will be enough for health records, credit card details etc, although this would be up to your own business policies to determine if it’s sufficient.

teamfocus uses AES256 encryption. The 256 means that there’s a 1 in 2^256 chance of someone guessing the key.
These are very large numbers. That’s about 1 with 77 zeroes after it.

If say a supercomputer that could check a billion billion (10¹⁸) keys per second (if such a device could ever be made) it would in theory, require about 3 (with 52 zeroes) years to exhaust the 256-bit key space.

This is not required. The main purpose of the encryption is to stop teamfocus handing over your useable data to another party. If a team member leaves, teamfocus recommends that you simply un-invite them from your team, then they will no longer have access.
If you were to make a new key, it would affect only data changes going forward and you would still require the old keys to see the old data.

The key manager can create new keys for you (as well as let you know how many tasks currently use a key). You can also create a new key in the Workflow Editor when you setup the details of the particular field. Just choose new key and when the workflow saves, a new key will be created and stored in your key manager.

You can’t remove encryption once it’s setup. If you decided not use it anymore, you would have to create a new field and manually copy the data to the unencrypted field. teamfocus cannot do any of these operations for you as the teamfocus servers never see your keys and therefore cannot ever decode your data.

No, teamfocus will never store your keys (teamfocus do not even send them to the teamfocus servers).

Anyone who has access to those fields has that key, It’s just a matter of getting them to go into the “Key Manager” and send you the required key.

The power of teamfocus is the ability to cut and slice your tasks the way you want to. Our lists allow you find just the tasks you need. Things like “My overdue tasks” or “all active tasks” are only possible when teamfocus can see some data about these tasks. “My overdue tasks” for example would need to know your due date to be able to show you the tasks you need. If this field was encrypted, teamfocus wouldn’t be able to provide the list you need.

Most teamfocus customers also like the ability to search for keywords in tasks and this would be unavailable with encrypted fields. teamfocus allows you to decide what you want to be secure and what you can store in plain text.

When teamfocus generates keys on your local computer, it also generates a “key id” which is used to simply identify which key is being used. This is sent to the teamfocus servers with your encrypted data so that when it comes back to your computer again in a task list, your computer knows which key to use.

There is no way to compute a key from a key id. The long word you see in your key management screen actually contains the encryption key and separately the key id to identify it.