We take our subscribers' information security very seriously and have followed recommended industry security practices in relation to the handling of sensitive personal and financial information.
Access to individual online subscriber accounts is protected by a user identifier and password regime that enforces a minimum requirement on the strength of passwords selected by users, ensuring that operational passwords are difficult to break by ‘brute-force’ trial & error techniques or even intelligent guesswork. We do not store subscribers' passwords anywhere, just secure hashes that are derived from the passwords. When we receive an authentication request we hash the given password and compare it against the stored hash. Should the list of credentials be compromised in any way, the hashed passwords are of little use. This explains why we cannot offer a password recovery service in the event of a forgotten password - should a subscriber forget their password they can only reset it by providing an alternate means of identification (as explained in more detail below).
Individual subscriber sessions are timed out after a period of inactivity (currently 2 hours) and are resilient to changes in client IP address within the session (as might happen for an ISP user using Dynamic IP addressing). This helps to ensure that logged-in sessions are not left open indefinitely on public or generally accessible terminals. Regardless of this, we recommend that users explicitly terminate sessions by clicking on the 'Log out' button.
All interactions with the site are secured using TLS v1.2 or v1.3 connections and other measures (at least as good as the connection security that banks use for their online customers). This ensures that all traffic backwards and forwards is encrypted, creating a secure pipe between the user’s browser and our servers (as indicated by the browser's display of the 'padlock' symbol for secure connections).
Any action which changes security-sensitive information (such as email addresses, passwords and the creation of secondary users) always adopts "two-factor" security techniques. Necessary information is not communicated in one way over one channel - at least two different channels of communication are required. For example, when a password reset is requested (either because a user has forgotten their password or the primary user wishes to reset the password of one of the secondary users) a temporary password is presented on screen AND an Activation Code is sent to the email address associated with that user or subscriber. Both pieces of information are required to be able to log in to the service again - one piece of information is insufficient.
Access to certain features is protected by an alternate means of personal identification. During the subscription process for a primary subscriber, or when a new secondary user first logs in, they must supply the answer to a security question which is then hashed and stored. This answer is used to verify identity and provides a second chance for a poor memory.