Recently, the question has come up about account security here at IIA.
Let me be the first to assure you that we take your personal information quite seriously here. Allow me to explain a few things that are in question:
HTTPS vs. HTTP – A quick primer on the difference between the two protocols:
Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. It provides encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.
Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.
What HTTPS means to you is an extra layer of security when you browse or enter sensitive information such as a social security number or a password on your account. The quickest way to check if a website is using HTTPS is to look for a little padlock icon on the bottom of your web browser. You might notice that here at IIA, we do not use HTTPS for a number of reasons.
- We do NOT ask you for any information that is not secure at all times (such as your password, which I will explain later).
- We do NOT ask you to enter any payment information here at IIA. ALL payments are funneled and directed to PayPal and they do use HTTPS as their protocol.
- It’s financially prohibitive to IIA to absorb the cost of setting up a secure website at this time on top of the cost of paying for the server space and registrars. (Granted, this could change in the future if IIA Members are willing.)
Your Account Password on IIA – Explained:
Now that I’ve explained why we don’t use HTTPS, I want to explain why your password is 100% safe and sound with us.
- The issue of keyloggers (which “record” your button presses on your keyboard) has been brought up as a potential threat to your account safety. Let me be the first to assure you that there is NO possibility that a keylogger can be installed on this website without my express knowledge or permission. IIA has complete control over our hosting and no malicious code can be installed on IIA.com.
- Further, your password here on IIA is in a database that even I do NOT have access to. EVERY password on IIA is salted and hashed with MD5. While this does have vulnerabilities, only you know your password and ONLY you have control over it. I can never access your password and I’m the Admin.
After the emails questioning our security, I realized it might be foolish to think everyone has the same level of comfort on the internet that I do. The first line of defense for your personal security on the internet is to NEVER reuse the same passwords on every website you use. Make sure that you use a different password for each site you visit (and not a variation of the same one either, i.e. Facebook is catdog and IIA is dogcat). A simple low-tech way to handle remembering a large number of passwords is to write them down.
As a matter of security, the difference between an 8-digit password of all lower-case letters and a 16-digit password with letters, numbers and case changes, in a brute-force crack of your account, is millions of computing years. Always use as strong a password as possible.
Recommendation: A password generator.
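As an added example (not IIA's code), here is a generator of the kind recommended above, built on Python's `secrets` module, together with the search-space arithmetic behind the 8 lower-case versus 16 mixed-character comparison. The function names and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

LOWER = string.ascii_lowercase                # 26 symbols
MIXED = string.ascii_letters + string.digits  # 62 symbols: a-z, A-Z, 0-9

# Assumption for illustration only: guesses per second in an offline attack.
ASSUMED_GUESSES_PER_SECOND = 10**10


def generate_password(length=16):
    """Return a random password with at least one lower, upper and digit."""
    if length < 3:
        raise ValueError("length must be at least 3 to fit every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(MIXED) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate


def search_space(alphabet_size, length):
    """Number of distinct passwords of exactly this length."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(space, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate, in years."""
    return space / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for label, size, length in (("8 lower-case", len(LOWER), 8),
                                ("16 mixed", len(MIXED), 16)):
        space = search_space(size, length)
        print(f"{label:>12}: {entropy_bits(size, length):5.1f} bits, "
              f"{years_to_exhaust(space):.3g} years at the assumed rate")
    print("sample:", generate_password())
```

The figures apply only to passwords chosen uniformly at random, which is what the generator produces; a human-chosen password of the same length covers far less of the search space.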
Your Sensitive Information – Pictures, Words and Files:
To protect IIA members from the scrapers of the internet, the forums are secured from indexing by search engines (Google, Yahoo, Bing) and you must log in to access them. Your pictures of your children and your sensitive discussions are blocked from the outside world.
Also, anything you upload is sent directly to our email, and NO file names from your computer are logged, recorded or even viewed UNLESS your computer is infected from another site. We deliver NO ad or iframe that could infect your computer and we do not allow anyone to upload any file of any type directly to IIA. Every file, from pictures to registration forms, is uploaded and emailed directly to Google Mail, where we personally review every submission THEN choose to upload it to IIA or trash it.
If you have ANY questions, please visit the forums and discuss this issue further.
Todd
Admin