SECURITY AND ENCRYPTION
At MyVisitorLog, we take the security and privacy of your data very seriously. We fully understand the trust you are giving us to store your information. That trust is based upon us keeping that data both private and secure. The information on this page is intended to provide transparency about how we protect that data. We will continue to expand and update this information as we add new security capabilities and make security improvements to our products.
Not only does MyVisitorLog use Bank-Level SSL Certificates, but we also use AES-256 encryption to protect your data in transit and while at rest.
AES-256 is an additional level of encryption, and is considered to be “military grade”. Short for Advanced Encryption Standard, it was the first cipher approved by the National Security Agency (NSA) to protect information at a “Top Secret” level. It is now widely accepted as the strongest encryption there is – and used by governments, the military, banks, and other organizations across the world to protect sensitive data.
To fully appreciate the strength of this encryption, a Microsoft paper published in 2011 suggested that breaking a 128-bit key (far less complex than an AES 256-bit key) would take billions of years with current computing power – and require storing about 38 trillion terabytes of data, which is more than all the data on all the computers on the planet.
Securing our Internet-facing web service is critically important to protecting your data. Our software team drives an application security program to improve code security hygiene and constantly check our service for common application security issues including: CSRF, injection attacks (XSS, SQLi), session management, URL redirection, and clickjacking.
MyVisitorLog never stores your password in plaintext. When we need to securely store your account password to authenticate you, we use PBKDF2 (Password Based Key Derivation Function 2) with a unique salt for each credential. We select the number of hashing iterations in a way that strikes a balance between user experience and password cracking complexity.
We protect you further by requiring passwords of at least 8 characters. We maintain a list of the 10,000 top passwords and won’t allow you to select a password that appears on this list.
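The storage and policy rules described above, sketched in Python as an added example (not MyVisitorLog's own code). The SHA-256 digest, the iteration count, the record format and the tiny blocklist are assumptions, since this page does not specify them.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # assumption: the page does not state its iteration count
MIN_LENGTH = 8         # from the page: at least 8 characters
# Constructed stand-in for the 10,000-entry top-passwords list.
COMMON_PASSWORDS = frozenset({"password", "12345678", "qwertyuiop", "iloveyou1"})

def policy_error(password):
    """Return a reason string if the password breaks policy, else None."""
    if len(password) < MIN_LENGTH:
        return "shorter than %d characters" % MIN_LENGTH
    # Case-insensitive match is a choice made for this example.
    if password.lower() in COMMON_PASSWORDS:
        return "appears on the common-password list"
    return None

def hash_password(password, iterations=ITERATIONS):
    """Derive a PBKDF2 record with a fresh random salt for this credential."""
    reason = policy_error(password)
    if reason:
        raise ValueError(reason)
    salt = secrets.token_bytes(16)  # unique per credential
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Hypothetical record format: scheme$iterations$salt$derived_key
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())

def verify_password(password, stored):
    """Recompute the key from the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)

def needs_rehash(stored, target=ITERATIONS):
    """True when a record was made with fewer iterations than the current target."""
    return int(stored.split("$")[1]) < target
```

Storing the iteration count inside each record lets the count be raised later: after a successful login, a record for which `needs_rehash` is true can be re-derived at the new setting.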
DEDICATED NETWORK SECURITY TEAM
Security is handled by a dedicated team within our data storage centers. Our security team’s charter is protecting the data you store in our service. A dedicated team of security experts simulates real-world attacks at the network, platform, and application layers. The result is continual improvement in the ways the servers can detect and protect against security breaches.
RESILIENCY AND AVAILABILITY
We only utilize Microsoft Azure, Amazon EC2, and Amazon S3 servers. Microsoft Azure guarantees at least 99.9% availability and Amazon S3 guarantees 99.99% uptime and availability.
We operate a fault-tolerant system and network architecture to ensure that MyVisitorLog is there when you need it, wherever you may be. This includes:
- Diverse and redundant Internet connections.
- Redundant network infrastructure including switches, routers, load balancers, and firewalls.
- Scalable system architecture built using a large number of independently operating shards, each servicing a small slice of our user base.
- Shards architected as pairs of redundant servers, providing hot standby capabilities should a single server fail.
- Servers engineered with redundant power, redundant network hardware, and storage deployed in a RAID configuration.
REPORT A SECURITY ISSUE
If you believe you’ve found a security vulnerability in a MyVisitorLog application, the MyVisitorLog platform, or our infrastructure that could harm MyVisitorLog or anyone who uses MyVisitorLog, please let us know by e-mailing details of your finding.
Please remember our User Guidelines and don’t violate anyone’s privacy, interfere with anyone’s account, or destroy any data. Please don’t interrupt or degrade our services. And please give us a reasonable amount of time to respond before publicly disclosing your findings.
CUSTOMER SECURITY TIPS
Use a different password on MyVisitorLog than any other site you log into. That way, if someone learns your password on another site, you won’t have to worry about them also being able to access your MyVisitorLog account.
Avoid using simple passwords that could be looked up in a dictionary. Instead, choose a complex password that is at least 8 characters long and contains a mix of uppercase and lowercase letters, numbers, and special characters. Equally good is picking a phrase that is at least 20 characters long.
A password manager can make both of these easy to do. We suggest using the 1Password or LastPass applications.