The Credit Card Industry imposes a set of security standards knows as PCI/DSS (Payment Card Industry Data Security Standard). The purpose of this standard is to ensure that any company accepting credit cards from consumers takes all appropriate security measures to ensure that this information is protected from hackers and information leakage.
Read the rest of this post »
If you are allowing Mozilla FireFox or Thunderbird to remember passwords to web sites and/or email accounts in their Password Manager tool, you should know that these passwords are all stored in a plain text file (base64 encoded) on your computer’s disk drive. This file is accessible to anyone with administrative access to your computer. If you have any concerns about the possibility of other people accessing your computer and this gaining easy access to copies of the passwords that you are using, you really need to employ the “Master Password” feature of these programs.
Read the rest of this post »
LuxSci has had many requests from clients who have to communicate with various banks and other security-conscious organizations asking that LuxSci “enforce the encryption of email when sent to those organizations’ email servers via TLS”. This is such a common request, that I wanted to explain what it means, why it is good, how LuxSci does this by default, and the extra step that LuxSci can take to lock down things even more for you.
Read the rest of this post »
LuxSci now provides account administrators with a "Maximum Security" button that allows them, in one click, to configure all of the options in their account to settings that ensure maximal security. This configures such things as forced use of SSL, strong passwords, and forced use of SecureLine (if you have purchased it) with S/MIME certificates. This option is available in the "Advanced Account Administration" area.
Account managers can also contact support to have these settings "Locked Down" so that no one in the account can alter them without contacting support directly, getting approval, and leaving an audit trail.
If you want maximal email security and the assurance that it is setup correctly and cannot be circumvented, this is for you.
