Sunday, February 20, 2011

Security updates

We've been busy rolling out new updates, including some security enhancements: no passwords are stored on our site or emailed to users. We are using a neat hashing system that includes a per-user salt and purposely introduced collisions to make recovering a password highly unlikely (you must now follow an email link to reset your password). With recent media reports of other major websites having their databases hacked and leaked publicly, and a good chance that a lot of our users re-use passwords for PayPal or email accounts, we decided to make reversing our hashes as difficult as possible. That is why we store only partial hashes, which makes a brute-force password-guessing attack less successful. Combined with incremental timeouts for incorrect passwords and 128-bit SSL encryption of logins, we think our secure account system is the standard all sites should strive to meet.
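A sketch of the scheme described in the post above, added here as an illustration and not the site's own code: a per-user salt, a truncated ("partial") hash, and incremental timeouts. The post does not name the hash function, the truncation length or the timeout schedule, so PBKDF2-HMAC-SHA256, the 4-byte prefix, the doubling delay and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters; the post gives none of these values.
ITERATIONS = 50_000      # PBKDF2 work factor
STORED_BYTES = 4         # keep only this prefix of the 32-byte digest
BASE_DELAY = 1           # seconds of lockout after the first failure
MAX_DELAY = 900          # cap on the lockout

def partial_hash(password: str, salt: bytes) -> bytes:
    """Salted slow hash, truncated so many passwords share one stored value."""
    full = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return full[:STORED_BYTES]

def make_record(password: str) -> dict:
    """What the database holds: no password, no full digest."""
    salt = os.urandom(16)  # per-user salt
    return {"salt": salt, "partial": partial_hash(password, salt),
            "failures": 0, "locked_until": 0.0}

def false_accept_probability() -> float:
    """Chance that a wrong password matches the stored prefix (the cost of truncation)."""
    return 2.0 ** -(8 * STORED_BYTES)

def delay_after(failures: int) -> int:
    """Incremental timeout: doubles with each consecutive failure, up to MAX_DELAY."""
    if failures <= 0:
        return 0
    return min(BASE_DELAY * 2 ** (failures - 1), MAX_DELAY)

def check_login(record: dict, password: str, now: float) -> str:
    """Return 'ok', 'denied' or 'locked'; `now` is a timestamp in seconds."""
    if now < record["locked_until"]:
        return "locked"  # refuse before doing any hashing work
    candidate = partial_hash(password, record["salt"])
    if hmac.compare_digest(candidate, record["partial"]):
        record["failures"] = 0
        return "ok"
    record["failures"] += 1
    record["locked_until"] = now + delay_after(record["failures"])
    return "denied"
```

A shorter stored prefix produces more collisions for anyone working from a leaked database, but it also raises the chance that a wrong password is accepted at login, which is why the timeouts matter in this design.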

1 comment:

VinArk said...

Hi Donations tracker, my name is Kevin Parkinson. I just finished a campaign raising money for my new documentary. The campaign was very successful in that Donations tracker allowed me to be very transparent in showing how much money was raised. I thank you guys at Donation Tracker for providing such an inexpensive tool.

Kevin Parkinson