We implemented daily intrusion testing on LookStat and we chose to work with McAfee Secure. They test the site for vulnerabilities every day and it is the same intrusion testing used by some of the major microstock agencies.

We take security very seriously and I’m proud to say that we passed their scans on our first test. (Awesome work on running a tight ship, Casey.) You can view the security seal in our footer. The only issue we had was that I stupidly turned the service on on a Friday, which meant that some weekend work was involved.
The Most Important Thing to Remember
We will never send you an email that asks you to click on a password reset link, and no one affiliated with LookStat will ask you what your password is. Ever.

The only mechanism for password reset at LookStat is via a secure page on the website.
Why We Did This (If you’re interested)
To gain maximum control over the security of the feature, we chose to implement a secure, two-factor form on the website. This allows us to ensure that all your communication with us is encrypted at all times. No one other than you knows your password. If lost, it cannot be recovered, only reset.
Since every single page on the site is SSL encrypted, restricting the password reset feature to the site allows us to lock it down tightly. In addition, we require any user attempting to reset their password to give us two pieces of information they have shared with us in the past. If successful, we update their password and allow them to log in using their new credentials. The password is never in the clear and is never sent anywhere via email or any other mechanism.
Security is something we take very seriously at LookStat and it’s front and center in all our product development efforts.
Just a couple more quick thoughts on security and around the issue of trust & login credentials. We know this is a critical issue and our hope is that by being open & accessible we can start to build some of the trust we need.
In practical terms, we work very hard on the security of the site and its pages and, in addition, we encrypt all of the data stored in our databases. When a user enters data, it is instantly encrypted and stored in the database. This data is only ever accessed by the system in an automated fashion without human intervention. This is similar to how sites that aggregate banking and credit card information handle account security. Also, no one other than you has access to your LookStat password. If it’s lost, there is no way to look it up; it will need to be reset.
We want to be successful by building great tools and systems for contributors and we’re here to answer any questions or work to address any concerns you might have.
We take the security of our users’ data very seriously and work hard to protect it from unauthorized use. Security isn’t just an issue for our users; it’s one that matters a great deal to us as well. We use LookStat for monitoring our own portfolio performance.
From a technical standpoint, we take the following precautions to ensure the safety of your data:
- We encrypt every single page on our site
- We encrypt everything we store in our database at all times
- You are the only person with access to your LookStat password. If you lose it, we have to reset it
- We house all our servers in secure datacenters and protect them with multiple security measures like firewalls and intrusion detection systems
- We make sure that all employees, contractors and officers sign confidentiality and non-disclosure agreements so they are accountable for any breach and misuse of data
We’ve studied sites like Mint & Yodlee that access banking and credit card data for individuals and have adopted similar security practices. No digital mechanisms are ever 100% secure, but we’re very confident that the systems we have in place are at least as secure as (if not more so than) desktop applications & widgets that manage login data and sites on the web today.
Our goal with LookStat is to provide a secure service to photographers and illustrators and to benefit from the value we deliver to our customers. We know that trust is important and we intend to be completely transparent about who we are, where we are based and what our intentions are. If you have any questions or concerns, please let us know and we will respond to them as quickly as possible.