Security you can trust
MEGA was built with privacy and security as core principles, not afterthoughts.
End-to-End Encryption
All files are encrypted before they leave your device. AES-128 with user-controlled keys. MEGA has no technical ability to read your data.
Zero-Knowledge Architecture
Your encryption keys never leave your device in a form we can read. Even under legal compulsion, we cannot decrypt your files.
Two-Factor Authentication
Add an extra layer of security with TOTP-based 2FA using any authenticator app.
Transparent Audits
Our security architecture has been independently audited. Reports are publicly available.
Legal Jurisdiction
Incorporated in New Zealand with strong privacy laws and no mandatory data retention requirements.
Vulnerability Programme
We reward responsible security research. Report an issue and earn recognition and rewards.
Technical Details
| Feature | Standard | MEGA Implementation |
|---|---|---|
| Encryption Algorithm | AES | AES-128 (files), AES-256 (keys) |
| Key Derivation | PBKDF2 | PBKDF2 + scrypt |
| Transport Security | TLS | TLS 1.3 |
| Password Hashing | bcrypt | bcrypt (cost 12) |
| Share Link Encryption | Optional | Always encrypted |
| Two-Factor Auth | Optional | TOTP (RFC 6238) |