UPDATE 22/07/2021 - C2 Password is live!
UPDATE: Unofficial info is that C2 Password will be live July 22th 2021
UPDATE: 29/06/2021 - added YT videos about C2 Password and Transfer

As if today was not enough with the announcement of the DSM 7 final release, here is some more information on two (out of four) brand new Synology C2 features that are coming by the end of the year.

This information was provided by Synology GmbH

Welcome, C2 Password and C2 Transfer.

As I have already mentioned in my DSM 7 final article, these are the new features that are part of the new Synology C2 initiative to expand on the platform and offer more services than pure storage for your NAS data.

Solutions that C2 will have in the near future are following:

Service Description
C2 Password* Safe credential management
C2 Backup* Personal and professional data protection
C2 Transfer* Secure file sharing
C2 Identity* Streamlined identity management
C2 Storage Efficient NAS backup and file syncing
NOTE: * marks new C2 services

C2 Password

So what is a C2 Password? Well as Synology puts it:

C2 Password provides a convenient yet secure way to manage passwords, share files and other sensitive information, simplifying users’ online experience without sacrificing security.
Synology C2 Password intro video
C2 Password - Synology's very own password manager

Bottom line, if you have heard or used a password manager before like Bitwarden, 1Password, LastPass, and many more out there, now you will have the option to use one more from Synology.

Just note that this is a C2 service, which means that the data will not live on your NAS device but rather in C2 on the Synology end, and you will be able to access it using your web browser, extensions (selected browsers), and a mobile app.

NOTE: mobile apps will be available as follows: The iOS app will be available on the App Store by the end of 2021. The Android app will be available on the Google Play Store in 2022.

Highlights

Credential Management
Store and organize login credentials and other sensitive information efficiently from any platform.

Secure Sharing
Share files securely by relying on granular sharing permissions.

Platform Security
Have your data always protected against unauthorized access through the highest security standards.

Key features

C2 Password has two main categories, The Vault and File Transfer.

The Vault (image above) will allow you to create, organize, and navigate login credentials and other personal information.

From the Vault you can:

Keep items synchronized across devices
Sign in to C2 Password on all your devices to have the latest version of each item always available. You can access C2 Password on supported browsers via the web portal or through web extensions for Chrome, Edge, Firefox.

Recover deleted items
Deleted items are kept in the trash folder for 365 days. Simply access it from the left-hand side menu to restore what you need

Another important feature in the Vault is the Password Generator.

Password Generator - make your passwords as complex as needed

Generator supports a color-coded strength indicator to help you get the feel of how strong the password actually is.

Finally, C2 Password will be able to generate OTP (one-time passwords) for all your websites and services that require two-step verification.

The second category mentioned was File Transfer. It will allow users to upload and share files through a secure process.

File Transfer options as part of the C2 Password platform

At the moment you will be able to do the following (subject to change):

Set a link expiration date
Links can be valid up to 7 days* (subject to change)

Limit downloads
Prevent the file from being downloaded more than once

Add a watermark
Increase security and personalization by adding your own watermark

Platform Security

Considering that C2 Password will be hosted on Synology's C2 infrastructure some might question the security of it all. Now if you are not open to hosting your own password manager platform like Bitwarden for example, you will have to trust some company to do it for you. In this case its Synology in another it will be 1Password for example. Saying this, let's see what Synology as a company has in place to protect the sensitive data that you will entrust them with.

As a platform on which users store sensitive data, C2 Password ensures that only the vault’s owner or those he or she entrusts can access the information contained in it. This is achieved through:

End-to-End Encryption
Passwords, items, and stored files are protected using AES 256-bit encryption. Encryption and decryption are carried out at the device level, meaning that all data that leaves the device is fully protected

Zero-Knowledge Design
The C2 Encryption Key, which is used to encrypt all data on the platform, never leaves the device on which it is created, greatly reducing the risk of credential leaks over insecure networks

Two-Factor Authentication (2FA)
Sign in attempts to C2 Password require a TOTP generated on a mobile device, ensuring that only rightful individuals can access stored data

Feature availability

Early access* (Phase 1) July
Plan Free
Price Free
Encrypted Cloud Storage 50 MB
▪ Secure file sharing
50 MB
▪ File attachments
▪ Secure file sharing
Cross-Device Syncing Across desktops Across desktops
Max Vault items 1 1
Password Generator
Password Strength Detector
Authenticator (TOTP)
Supported web browsers Chrome, Edge, Firefox, Safari Chrome, Edge, Firefox, Safari
Browser extensions Chrome Chrome, Edge, Firefox
Upload limit per file transfer 20 GB on 6/21 50 MB in early July 50 MB
Number of recipients per file transfer Unlimited on 6/21 1 in early July 1
Concurrent active file transfers 100 on 6/21 3 in early July 3
Transfer expiry date 14 days on 6/21 7 days in early July Up to 7 days
OTP to email address
Download only once option / Watermark

Common operation examples

Considering that I still have no access to the platform (waiting on access) I will just share a few screens that will show some common operations.

Creating a new item, select the category, and enter your information
Deleting an item
In case you delete the wrong item, you can recover it
Example of adding transferring files
Configuring the settings and selecting the recipients
Sharing the URL and accessing the files
After an OTP challenge access to the files is granted

As I said before and you can see in the table above, C2 Password will have support for browsers. By the looks of it, not for Safari (shame) but that might change in the future.

Here is an example of how the extension looks like in Chrome browser:

C2 Password browser extension

C2 Transfer

Next is C2 Transfer platform.

C2 Transfer provides a cloud-based end-to-end encrypted file transfer and request service, without sacrificing simplicity. C2 Transfer goes one step further by offering easy and fast management of users for businesses that will need multiple accounts.
Synology C2 Transfer intro video

Unlike Password, this platform will be a paid service across two tiers:

Professional
For individual users looking to securely send files at an affordable price.
Price per month: $9.99
Price per year: $99.99 (save 20% on monthly price)

Business
For businesses that require intensive use and administrative control over multiple users.

Price per month for five users: $49.99
Price per year for five users: $499.99 (save 20% on the monthly price for five users)
Price per additional user: $69.99

Current offering for C2 Transfer (August 2021)

Secure transfers

Data are at risk of being compromised at every stage of a transfer. C2 Transfer ensures the secure transfer of data at every step of the process.

End-to-end encryption
Utilize AES-256 on the device side to secure the files, mitigate data leakage during transmission, and prevent unauthorized access on C2 servers.

User identity verification
Achieved by sending a one-time password (OTP) to the recipient via email or phone. To receive the OTP, recipients must confirm their email or phone number after opening a shared link. Even if a shared link is compromised, access to an email account or phone number is still required.

Protecting content from tampering

Uploaded content can be protected in many ways, providing additional layers of security.

Watermarks
Added to image files to differentiate them from the original without using another application, thus increasing security, productivity, and personalization.

Link expiry
Set by the sender to make the shared link invalid for the recipient after a specified time period (up to 90 days).

Download limits
Prevent the data from being downloaded more than once.

C2 Transfer will be available across the web and mobile platforms to make secure file transferring as convenient as possible.

Web portal versions for Chrome, Edge, and Safari will be available upon initial release in August.

Mobile support for iOS and Android with a responsive web design will enable greater portability for secure file transfer. This support will be released in Phase 2 of the release and will only be available for Business Plan users.

C2 Transfer offers a simple interface with management tools that provide greater control over how multiple users can transfer files and send requests.

License management features allow administrators to enable or disable access to an active C2 Transfer user account.

Save received task to portal lets users retain shared links in their C2 Transfer portal to access later.

Release schedule

Feature Early Access* Phase 1 (August) Phase 2 (Q4 2021)
Professional Plan -
Business Plan -
Upload limit of 20 GB per transfer
Up to 100 concurrent transfers (including file requests)
Local device upload and transfer
Add watermarks
Link expiration date Up to 14 days Up to 90 days Up to 90 days
Download once
File request
End-to-end encryption
User identity authentication
Web portal Chrome, Edge Chrome, Edge Chrome, Edge, Safari
Save received task to the portal (Business plan only) - -
Mobile responsive web design (Business plan only) - -
User license management (Business plan only) - -

Common operation examples

The upload and sharing process is the same as it is with C2 Password so I will not show that process again, but here is how the request file process looks like:

Create a request, enter an email address of the recipient, and finally send the link
The recipient will then get an OTP via email or phone and once the code has been entered...
... the UI for data upload will appear. The requesting party (right image) will then be able to see the files

How do I test these services myself?

At the moment there is no way to test these services as internal testing is underway. By the looks of it, there will be an early access option, but at this time it is still unknown when and under what terms this will be possible.

Currently, the services are accessible on the following URLs:

C2 Transfer: https://safedrop.us.c2.synology.com/

C2 Password: https://password.eu.c2.synology.com/

Both will lead to yet another new C2 service, C2 Identity. To get access you will have to have a valid Synology Account that has access to these services. I might get access (still waiting on that option), and if I do, I will be able to answer some questions that you might have with these services.

As always, comments are welcome in the section below!