We take security very seriously. We want to make sure you have a great gaming experience and that you feel safe hosting with Parsec. For that reason, we thought it would be helpful to share a bit about our security.
Parsec does NOT store plaintext passwords. We use a bcrypt style key-stretching hashing algorithm with a randomly generated 256-bit salt (per user).
Communication with the Parsec backend
The Parsec website and application communicate session IDs and authenticated state information to the backend via HTTPS. We use TLS 1.2 / AES128 and perform certificate AND hostname verification.
All peer-to-peer audio/video/input data is encrypted via DTLS 1.2 (AES128). Each user has their own randomly generated SSL certificate validated via the Parsec backend on connection. Each connection is authenticated via an one-time use connection token sent AFTER the DTLS handshake has been established. This validation occurs on the backend via HTTPS.
Every new log in from an unrecognized device is confirmed via the email address that you created your account with. You can also add an authenticator 2FA application to your account in your account settings to lock every log in.
Parsec for Teams
Parsec for Teams adds another layer of security to your account. Once you sign up for Teams and run the Teams ID software on your workstation, that computer will be locked from anyone outside of your team connecting to it. To be added to a team, a team administrator must explicitly invite your account and you must accept it. Once you're on a team, you can log in to a Team computer, like normal. You can also invite other team members to connect to your Teams computer at any time, just like you do with the consumer application. If you accidentally send a friend invite or a link to a non-team member, they will not be able to connect to your workstation assigned to your Team. For questions about teams, please reach out here.
We do not store your credit card information. We use Stripe to handle all credit card processing and rely on their industry-standard system to manage all payments. Even if Parsec were hacked, your information would be secure since we don't store the information linked to your credit card in our systems.
We have more recently made a full page dedicated to talking about security, check it out for more details.