Strong 2-step Authentication
my1login uses 2-step authentication by default - a Password and Key Phrase protects accounts. Additionally, a dropdown is used for the authentication password entry mitigating against screengrabbers and keyloggers. A Key Phrase rather than a password is used as the encryption key, the longer length of a phrase over a password hugely increases encryption key permutations.
AES 256 Encryption
Client-side encryption using AES 256 means that your data is scrambled before it is sent to my1login for storage. The Key Phrase is not stored by my1login and it’s impossible to decrypt the data without it. Even at billions of guesses a second, it would take millions of years to go through every permutation of a reasonable length key and decrypt your data.
RSA 1024 Encryption
RSA Public Key cryptography is used in conjunction with layered AES encryption to provide a hyper-secure way of sharing access to passwords within the business and amongst team members.
Protecting Your Details - SSL Encryption
After your data has been encrypted locally within your browser using AES, it is then further encrypted using SSL/TLS before being transmitted and stored on our servers. SSL/TLS essentially creates a secure channel over the Internet. This provides protection from eavesdroppers and man-in-the-middle attacks.
Repeat Login Attempts
Some hackers attempt to crack passwords by using programs that repeatedly generate random words and characters, and then automatically enter these into password fields on web sites. These are known as 'brute force' attacks.
In order to protect your account, we will automatically de-activate it following a certain number of failed login attempts. We don't divulge the number of attempts we allow before de-activation as this information can assist anyone trying to hack into the service. If we have de-activated your account, you can still contact us to have it re-activated.
In addition, a drop-down menu is used for password entry, which significantly reduces the risk of your account being maliciously hacked, by one of the password 'cracking' programs.
Phishing is a technique employed by fraudulent parties to dupe individuals into disclosing their login details to specific sites. They can achieve this by essentially 'hi-jacking' or 'spoofing' the legitimate website (possibly through a link contained within an email). The fraudsters will have created a web page and login screen that looks like the real site you are trying to access but is nothing more than a way of capturing your details.
In order to protect you against this my1login ask you to enter a personal 'Welcome Message' when you register. Every time you log into my1login with your Username and Password, your personal 'Welcome Message' will be displayed on screen that will allow you to validate that it is genuinely our site that you are logging into. As an additional level of security, the 'Welcome Message' will be displayed before you enter you decryption KEY, so if you don't see the message, don't enter your KEY.
As en extra layer of protections, SSL is also used to secure the login communications between your PC and our servers.
Under no circumstances should you ever disclose your Key Phase to anyone or as the result of any email request. Mylogin will never ask for your Key Phrase.
It is possible for computers to contract a virus that monitors the keystrokes being entered by the user and send the details to the originator of the virus. This is the reason why my1login ask for random letters from your password to be entered via a drop-down menu. So even if this type of virus does reside on the computer your using, it will not pick up your password.
Where it is possible for my1login to automatically log you in to favorite sites' this can actually mean that it is more secure to login via my1login than to type the username and password in directly in to the site you are trying to access. In this situation there are no keystrokes to log!!
It is possible that you may be using a computer that has a screen-grabber virus. These viruses can essentially take a snapshot of the screen when the mouse is clicked then store or forward it for fraudulent purposes. In order to protect you against this my1login only request three random letters from your password when you log in, meaning you never need to divulge your full password and risk it being captured by a screengrabber.
General Security Recommendations
Keep your system and browser up to date by downloading the latest security patches from your software provider. Use a personal firewall, Anti-Virus and Anti-Spyware software to protect your computer from unwanted viruses and trojans.