The security of your information is of utmost importance. For peace-of-mind, read on about what’s been done.
The system uses 256bit SSL certificates (the same as the online banking for bank websites do). The traffic between the browser and the website is fully secure in transit because of this.
We uses time expiry authentication. This means that a session is only valid for a given period of time, meaning that if users leave their browsers active, or forget to log off, there is no ‘indefinite’ security hole left behind where somebody can use their previous login session to access the system.
Without revealing the details, the mechanism for storing and encrypting users, sessions and passwords is very secure.
Invalid login attempts are logged and monitored on the system to prevent fraudulent access
The system shows and recommends password complexity so the user can choose a password of adequate complexity that it can’t be guessed easily.
The system is hardened against security vulnerabilities such as cross site scripting attacks, and firewalls protect all servers from malicious traffic.
As with all online systems, the security relies on users common sense. Leaving the details visible on a browser and walking away from the machine, or sharing the password with others, etc., is a clear vulnerability. The weakest link in the security chain is the user not the system.