(Please note that some of the measures below only work against hackers in proportion to the strength of your password, so create good ones. Do not use a password that is a dictionary word, and include numbers or characters in addition to letters; this helps defend against a brute force attack.)
Security measures adopted by FairSplit to protect you and your data
- No one can see your estate or asset data, except the people who have been added to the inventory or division. No data within it is public.
- The web application uses the https protocol which involves an encrypted connection, such that the hardware through which your information passes on the Internet cannot decode the content. This prevents man-in-the-middle hacking attacks.
- We do not require the address of any property being inventoried and encourage you not to mention it in the web application.
- We do not take credit card numbers on our site. Instead, payment is done through a bank level secure third party.
- We do not store your password -- only a hash of it. This means no one can recover your password from our database. If you forget your password, you must go through the password recovery procedure, which involves a message to your email address as a way to verify your identity.
- When logging in, if you get your credentials wrong, you need to wait before trying to log in again. The wait time is doubled each time authentication fails. This makes brute force attacks on passwords very difficult to carry out.
- We keep all the software in our Linux servers up-to-date in order to avoid old, known security vulnerabilities.
- We host our web application with Amazon and use its advanced network security features to ensure other Amazon clients cannot access our data.
We make a daily backup of our database, so that in the unlikely event of a catastrophic bug or failure, we can recover the data to the latest backup. We expect that, in such an event, the largest amount of work you could lose is 24 hours.
- The cookies used by the web app are protected with the HostOnly, HttpOnly and Samesite properties as applicable.
- Our software is written in such a way as to protect against SQL injection attacks and cross-site request forgery attacks. Our team knows that discipline is a very important trait in a programmer and our software is written in a careful, orderly, informed and deliberate manner.
We also encourage you to use a reasonably recent version of a respected browser such as Mozilla Firefox or Google Chrome. We believe there is still reason to avoid Microsoft Edge because it is a re-branding of (and shares an enormous amount of code with) Microsoft Explorer, which has a poor security history.