Users of Libon,
Wonderful that you are keeping us on our toes, you’ve helped define the product so far and we hope you continue to do so. Dan Palmer has raised some potential concerns over our security policy. We’d like to address those.
We obviously take security very seriously.
- Passwords are never stored in plain text on our servers, nor are they transmitted insecurely
- The passwords themselves are encrypted on the database and when sent via a text message go over the encrypted GSM network
- All our API calls use HTTPS encryption and we have up to date security certificates for all our platforms, which are also within secure premises.
- We chose to use a password reminder to help users as they moved between their PC and the mobile client.
Based on some user comments and feedback we have scheduled an update which will replace the existing process with a password reset and cryptographic (one way) hash.
Until then if a Libon user feels their mobile has been compromised (eg: lost or stolen) please contact firstname.lastname@example.org and we will reset your password, if not then please enjoy Libon.
Hope this reassures everyone and keep all ideas and comments coming.