LuxSci’s Passwords WebAide, which has been extensively updated,  makes it quick and easy to securely store all of your numerous passwords in one central location, and to share access to these with other users on a per-password basis, if needed.  We’ve just made it very easy to also export your saved encrypted passwords from the Passwords WebAide.  Use this feature to make your own backups of password lists, plus get printer friendly lists of those passwords to save in a secure location or to use as a reference when updating passwords.

Read the rest of this post »

LuxSci has re-written its web-based Password management interface from the ground up to provide users with a fast, modern, featureful experience.  The WebAides Passwords user interface now matches that of WebMail, Address Books, Calendars, and User Groups in AJAX-based Web 2.0 speed, data caching, and usability.

The Passwords WebAide provides:

• PGP-Encrypted online storage for all of the user names, passwords, and related information that most people have in abundance for logging in to countless web sites and devices.  Every entry is separately encrypted using PGP.  The PGP certificates are imported by you and/or generated by LuxSci.  There is no need for the passwords to these PGP keys to ever be stored on LuxSci’ servers.  This is a secure online solution.
• Shared access — you can have detailed control of who in your account, if anyone, can decrypt and access which passwords.
• Associated encrypted notes and attachments with each password so that you can store additional related information.

Consider LuxSci’s WebAide Passwords to be an “Online Lockbox” where you can securely store and share all of your passwords.  This Lockbox can be accessed from anywhere that you have Internet access.  The major changes that come along with these user interface enhancements include:

Read the rest of this post »

LuxSci has updated its web-based User Group management interface from the ground up to provide users with a fast, modern, featureful experience.  The User Group WebAides user interface now matches that of WebMail, Address Books, Calendars, Tasks, and Passwords in AJAX-based Web 2.0 speed, data caching, and usability.

User Groups WebAides are very useful in a collaborative environment for:

• Sharing WebAides (i.e. calendars, files, etc.) or email folders with groups of users instead of or in addition to individuals.
• Encrypting individual entries (i.e. files or passwords) such that any group member can decrypt the item, as long as they are a member of the group
• Creating email distribution lists so that it is easy to email everyone in the group.

The major changes that come along with these user interface enhancements include:

Read the rest of this post »

We recently discussed email security for accountants and mentioned that the use of password-protected files is not usually a very good solution for meeting data privacy needs.  After writing this and getting some feed back, we thought that the issue of password-protected files really deserves some further discussion.  Many people are under the assumption that if they use the “password protection” features of whatever software they are using, that their data is safe and secure.  However, this is not necessarily the case.  Why?

Using password-protected files to secure data is fast and easy and built into many applications.  Why not use it?  Certainly, password protecting files is much better than not doing so.  However, there are several things that determine how secure these “protected” files really are.

Read the rest of this post »

Doctors and medical professionals are feeling a growing pressure to get their business online (i.e. even use of electronic prescriptions is being pushed).  This includes making available protected health information to patients via a web site and collecting similar private information from patients or would-be patients. If doctors can show that they are using digital systems with their health care practices in a meaningful way by 2011, they may be eligible for some serious money (part of the proposed stimulus package — the Health Information Technology for Economic and Clinical Health Act (HITECH)).

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document.  So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

LuxSci has re-written its web-based document management interface from the ground up to provide users with a fast, modern, featureful experience.  The WebAides Documents’ user interface now matches that of WebMail, Address Books, Calendars, and Tasks. Additionally, some new components have been added to make it very easy to upload and download large numbers of files to the Documents WebAides.

Read the rest of this post »

Updated 12/7/2011 with AES security data for the newest browsers and mobile devices.

SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”.  The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”.  There are a large number of different ciphers — some are very fast and very insecure.  Some are slower and very secure.  Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES.  AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS).  It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.

Read the rest of this post »

As an email hosting service, we at LuxSci are frequently asked about email clients. We would like to share with you of our expertise and opinions about the most popular email clients. We’ve created a quick guide to email programs that includes an explanation of the client, its major features, and what makes it stand out.

Read the rest of this post »

LuxSci has had many requests from clients who have to communicate with various banks and other security-conscious organizations asking that LuxSci “enforce the encryption of email when sent to those organizations’  email servers via TLS”.  This is such a common request, that I wanted to explain what it means, why it is good, how LuxSci does this by default, and the extra step that LuxSci can take to lock down things even more for you.

Read the rest of this post »

SecureLine is a new service provided by LuxSci that allows its users to easily send and receive secure email messages to and from anyone on the Internet who has an email address – no matter what kind of email software or service that correspondent has and no matter how insecure that correspondent’s current email services are!

SecureLine enables you to easily meet HIPAA (The Health Insurance Portability and Accountability Act) and other communication security regulations and policies and it enables account administrators to optionally require that all users employ SecureLine and thus participate only in secure communications.

In order to meet the combined goals of ease of use, maximum security, and communications with anyone, anywhere, SecureLine seamlessly integrates two distinct modes of secure email communications: SecureLine Escrow and SecureLine PKI.

SecureLine Escrow: For secure communications with anyone, anywhere, you can use “SecureLine Escrow”. When composing an email for escrow, the SecureLine-enabled sender will provide an authorization question and answer; something that is confidential and known only to the sender, recipient, and other authorized people. When sent, the secure email message is encrypted and stored in a special “escrow” database at LuxSci. The recipient receives an email notification with the password to the secure message. The recipient then follows a provided link to the “Escrow Portal” to pick up the secure message and to optionally securely reply back to the sender. In order to access the Escrowed message, the recipient needs both the password from the notification email and the answer to the sender-provided authorization question. Thus, SecureLine Escrow allows simple secure communication with anyone who has an email address.

SecureLine PKI: For secure communications with other users of SecureLine and with other people on the Internet who have compatible secure email services, LuxSci’s SecureLine also supports a Public Key Infrastructure (PKI) compatible with the S/MIME (Secure MIME) and PGP (Pretty Good Privacy) Public Key technologies. In a public key system, the encrypted message content is sent within the email message to the recipient, instead of being placed in escrow for later retrieval; the recipient can easily decrypt and read such secure messages from within his/her usual email program or WebMail. This mode of operation is more flexible and more like normal email usage than the “Escrow” system; however it requires that the recipient be another SecureLine user or someone who utilizes PGP or S/MIME email encryption technologies.

To read more about SecureLine, what features it provides and how exactly it is extremely easy to use, see the SecureLine description.