UPATE: 10/11/2021 - C2 Transfer business prices announed
UPDATE 22/07/2021 - C2 Password is live!
UPDATE: Unofficial info is that C2 Password will be live July 22th 2021
UPDATE: 29/06/2021 - added YT videos about C2 Password and Transfer
As if today was not enough with the announcement of the DSM 7 final release, here is some more information on two (out of four) brand new Synology C2 features that are coming by the end of the year.
This information was provided by Synology GmbH
Welcome, C2 Password and C2 Transfer.
As I have already mentioned in my DSM 7 final article, these are the new features that are part of the new Synology C2 initiative to expand on the platform and offer more services than pure storage for your NAS data.
Solutions that C2 will have in the near future are following:
| Service | Description |
|---|---|
| C2 Password* | Safe credential management |
| C2 Backup* | Personal and professional data protection |
| C2 Transfer* | Secure file sharing |
| C2 Identity* | Streamlined identity management |
| C2 Storage | Efficient NAS backup and file syncing |
NOTE: * marks new C2 services
C2 Password
So what is a C2 Password? Well as Synology puts it:
C2 Password provides a convenient yet secure way to manage passwords, share files and other sensitive information, simplifying users’ online experience without sacrificing security.
Bottom line, if you have heard or used a password manager before like Bitwarden, 1Password, LastPass, and many more out there, now you will have the option to use one more from Synology.
Just note that this is a C2 service, which means that the data will not live on your NAS device but rather in C2 on the Synology end, and you will be able to access it using your web browser, extensions (selected browsers), and a mobile app.
NOTE: mobile apps will be available as follows: The iOS app will be available on the App Store by the end of 2021. The Android app will be available on the Google Play Store in 2022.
Highlights
Credential Management
Store and organize login credentials and other sensitive information efficiently from any platform.
Secure Sharing
Share files securely by relying on granular sharing permissions.
Platform Security
Have your data always protected against unauthorized access through the highest security standards.
Key features
C2 Password has two main categories, The Vault and File Transfer.
The Vault (image above) will allow you to create, organize, and navigate login credentials and other personal information.
From the Vault you can:
Keep items synchronized across devices
Sign in to C2 Password on all your devices to have the latest version of each item always available. You can access C2 Password on supported browsers via the web portal or through web extensions for Chrome, Edge, Firefox.
Recover deleted items
Deleted items are kept in the trash folder for 365 days. Simply access it from the left-hand side menu to restore what you need
Another important feature in the Vault is the Password Generator.
Generator supports a color-coded strength indicator to help you get the feel of how strong the password actually is.
Finally, C2 Password will be able to generate OTP (one-time passwords) for all your websites and services that require two-step verification.
The second category mentioned was File Transfer. It will allow users to upload and share files through a secure process.
At the moment you will be able to do the following (subject to change):
Set a link expiration date
Links can be valid up to 7 days* (subject to change)
Limit downloads
Prevent the file from being downloaded more than once
Add a watermark
Increase security and personalization by adding your own watermark
Platform Security
Considering that C2 Password will be hosted on Synology's C2 infrastructure some might question the security of it all. Now if you are not open to hosting your own password manager platform like Bitwarden for example, you will have to trust some company to do it for you. In this case its Synology in another it will be 1Password for example. Saying this, let's see what Synology as a company has in place to protect the sensitive data that you will entrust them with.
As a platform on which users store sensitive data, C2 Password ensures that only the vault’s owner or those he or she entrusts can access the information contained in it. This is achieved through:
End-to-End Encryption
Passwords, items, and stored files are protected using AES 256-bit encryption. Encryption and decryption are carried out at the device level, meaning that all data that leaves the device is fully protected
Zero-Knowledge Design
The C2 Encryption Key, which is used to encrypt all data on the platform, never leaves the device on which it is created, greatly reducing the risk of credential leaks over insecure networks
Two-Factor Authentication (2FA)
Sign in attempts to C2 Password require a TOTP generated on a mobile device, ensuring that only rightful individuals can access stored data
Feature availability
| Early access* | (Phase 1) July | |
| Plan | — | Free |
| Price | — | Free |
| Encrypted Cloud Storage | 50 MB ▪ Secure file sharing |
50 MB ▪ File attachments ▪ Secure file sharing |
| Cross-Device Syncing | Across desktops | Across desktops |
| Max Vault items | 1 | 1 |
| Password Generator | ✓ | ✓ |
| Password Strength Detector | ✓ | ✓ |
| Authenticator (TOTP) | ✓ | ✓ |
| Supported web browsers | Chrome, Edge, Firefox, Safari | Chrome, Edge, Firefox, Safari |
| Browser extensions | Chrome | Chrome, Edge, Firefox |
| Upload limit per file transfer | 20 GB on 6/21 50 MB in early July | 50 MB |
| Number of recipients per file transfer | Unlimited on 6/21 1 in early July | 1 |
| Concurrent active file transfers | 100 on 6/21 3 in early July | 3 |
| Transfer expiry date | 14 days on 6/21 7 days in early July | Up to 7 days |
| OTP to email address | ✓ | ✓ |
| Download only once option / Watermark | ✓ | ✓ |
Common operation examples
Considering that I still have no access to the platform (waiting on access) I will just share a few screens that will show some common operations.
As I said before and you can see in the table above, C2 Password will have support for browsers. By the looks of it, not for Safari (shame) but that might change in the future.
Here is an example of how the extension looks like in Chrome browser:
C2 Transfer
Next is C2 Transfer platform.
C2 Transfer provides a cloud-based end-to-end encrypted file transfer and request service, without sacrificing simplicity. C2 Transfer goes one step further by offering easy and fast management of users for businesses that will need multiple accounts.
Unlike Password, this platform will be a paid service across two tiers:
Professional
For individual users looking to securely send files at an affordable price.
Price per month: $9.99
Price per year: $99.99 (save 20% on monthly price)
Business
For businesses that require intensive use and administrative control over multiple users.
Price per month for five users: $49.99
Price per year for five users: $499.99 (save 20% on the monthly price for five users)
Price per additional user: $69.99
Secure transfers
Data are at risk of being compromised at every stage of a transfer. C2 Transfer ensures the secure transfer of data at every step of the process.
End-to-end encryption
Utilize AES-256 on the device side to secure the files, mitigate data leakage during transmission, and prevent unauthorized access on C2 servers.
User identity verification
Achieved by sending a one-time password (OTP) to the recipient via email or phone. To receive the OTP, recipients must confirm their email or phone number after opening a shared link. Even if a shared link is compromised, access to an email account or phone number is still required.
Protecting content from tampering
Uploaded content can be protected in many ways, providing additional layers of security.
Watermarks
Added to image files to differentiate them from the original without using another application, thus increasing security, productivity, and personalization.
Link expiry
Set by the sender to make the shared link invalid for the recipient after a specified time period (up to 90 days).
Download limits
Prevent the data from being downloaded more than once.
C2 Transfer will be available across the web and mobile platforms to make secure file transferring as convenient as possible.
Web portal versions for Chrome, Edge, and Safari will be available upon initial release in August.
Mobile support for iOS and Android with a responsive web design will enable greater portability for secure file transfer. This support will be released in Phase 2 of the release and will only be available for Business Plan users.
C2 Transfer offers a simple interface with management tools that provide greater control over how multiple users can transfer files and send requests.
License management features allow administrators to enable or disable access to an active C2 Transfer user account.
Save received task to portal lets users retain shared links in their C2 Transfer portal to access later.
Release schedule
| Feature | Early Access* | Phase 1 (August) | Phase 2 (Q4 2021) |
| Professional Plan | - | ✓ | ✓ |
| Business Plan | - | ✓ | ✓ |
| Upload limit of 20 GB per transfer | ✓ | ✓ | ✓ |
| Up to 100 concurrent transfers (including file requests) | ✓ | ✓ | ✓ |
| Local device upload and transfer | ✓ | ✓ | ✓ |
| Add watermarks | ✓ | ✓ | ✓ |
| Link expiration date | Up to 14 days | Up to 90 days | Up to 90 days |
| Download once | ✓ | ✓ | ✓ |
| File request | ✓ | ✓ | ✓ |
| End-to-end encryption | ✓ | ✓ | ✓ |
| User identity authentication | ✓ | ✓ | ✓ |
| Web portal | Chrome, Edge | Chrome, Edge | Chrome, Edge, Safari |
| Save received task to the portal (Business plan only) | - | - | ✓ |
| Mobile responsive web design (Business plan only) | - | - | ✓ |
| User license management (Business plan only) | - | - | ✓ |
Common operation examples
The upload and sharing process is the same as it is with C2 Password so I will not show that process again, but here is how the request file process looks like:
How do I test these services myself?
At the moment there is no way to test these services as internal testing is underway. By the looks of it, there will be an early access option, but at this time it is still unknown when and under what terms this will be possible.
Currently, the services are accessible on the following URLs:
C2 Transfer: https://safedrop.us.c2.synology.com/
C2 Password: https://password.eu.c2.synology.com/
Both will lead to yet another new C2 service, C2 Identity. To get access you will have to have a valid Synology Account that has access to these services. I might get access (still waiting on that option), and if I do, I will be able to answer some questions that you might have with these services.
As always, comments are welcome in the section below!
