Hello,

It is standard practice to send "plaintext" passwords over HTTPS. The passwords are ultimately not plaintext, since the client-server communication is encrypted as per TLS.

Once our server gets the "plaintext" password over HTTPS it is then encrypted with BCRYPT with a cost price of 12 to get stored into a database that is not linked to the wallet.

Yes the encrypted wallet file is stored on our servers and has no use to hackers since it's encrypted with your password. The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC

The sendbit.io wallet is mainly used for accepting crypto payments rather than storing funds (storing funds online is a risk no matter what wallet you use), we are working on a offline storage device for users whom wish to store a large number of crypto funds.

If you haven't already signed up - you may do so to stay updated with our latest developments and newsletters


Regards,
sendbit.io