Indexed I/O Reviews Good Security Practices
We’re committed to staying on the cutting edge of security, with features like salt-hash encrypted passwords, user and system event tracking, and secure data storage implemented across the board.
Why are we doing this review?
Security is a key component of any industry, and it’s important to periodically check and make sure that users are following good practices that will keep their accounts and their data safe. Part of our upcoming feature release includes User Activity Logs, meaning every log in, every tag you run, every file you download is tracked and logged in our system and available to review. Because of this, it’s more important than ever that you don’t share you log on credentials with anyone. Indexed I/O offers free user accounts, so theres no reason to share your password over inviting a new user to your project. If you do, that users actions will be tracked as your own.
What can you do to keep yourself secure?
Don’t share your password. This is the easiest step users can take to protect themselves. If you give someone access to your account you’re responsible for everything they may do with it. With free user accounts there’s simply no reason to ever share a password. Indexed I/O will never call or email you to request your password, and we cannot look up or retrieve your password. If you forget it you should go through the password reset process.
Choose a good password. Your password should be unique to Indexed I/O. It’s never a good idea to reuse passwords in case a less secure site is breached and that password can be traced back to other accounts that use your email. When choosing a password, be sure to:
- Use a combination of numbers, letters, and special characters
- Use a combination of upper and lower case characters.
- Make your password at least 8-16 characters long
Store your password securely. We’ve all seen the co worker with the sticky note on their screen listing all of their passwords. No matter how secure a website is, all it takes to breach your account in that situation is a little social engineering or being in the right place at the right time. If you must store your password somewhere other than your head, make sure its encrypted with a service like LastPass, or TrueKey.
Be on the look out for phishing email. Sometimes hackers will attempt to “Phish” for personal information or credentials by sending emails that look like they’re from the main service, but actually take you to a fake website that looks similar and whose sole purpose is to steal your password. Make sure anytime you enter your login information your URL looks like this “HTTPS://app.indexed.io” or “HTTPS://partnername.indexed.io”. Any communications you receive from Indexed I/O should be from the domain “@indexed.io”. If an email you received doesn’t match that, it’s probably not from us. Sometimes these phishing emails can even contain a virus, like this one below that claims to be a receipt from apple payments. If you look at the domain, though, you can see it’s actually from a scammer.
What should you do if you think your account has been compromised?
First of all, change your password. You can do so from the main log-in page. Then, you should change your password for any other sites where you used the same password (because even though you’re not supposed to, sometimes it happens). Lastly, check to see if your email has been involved in any known security breaches. You can enter your email on this website to check. (Note that this service is not provided by Indexed IO and we offer no guarantee to the results or support for external accounts).