There's been a lot of media attention surrounding the recent LinkedIn password issues, and we thought we'd explain how we protect your Administrate password and account. With hundreds of training providers relying on us around the world, we take this responsibility very seriously.
We Encrypt All Traffic
All Administrate traffic is delivered via the industry standard Secure Sockets Layer (SSL). Have a look at your browser's address bar when logged into Administrate, and you'll see a lock icon. This means all your interactions, data, and requests to and from Administrate are encrypted and safe from eavesdropping.
We Hash and Salt Your Passwords
We hash passwords using a one-way crypt hashing library. This means we never store your actual password, just the output of a "one way" mathematical hashing function. When you login, we hash your password again, and compare it to what is stored in our database to see if they match. This hashing function (SHA512) is an open source, peer reviewed mathematical function that is NIST approved. For each password we salt and hash it 10,000 times in a row to make any attempt at reversing this process extremely computationally expensive and therefore unlikely to succeed.
The LinkedIn security breach was a result of not "salting" the hashed passwords they were storing at all, let alone 10,000 times in a row, and we don't have that issue here. What this means is that in the unlikely event of our password database being stolen, it would be extremely time consuming and difficult (on the order of months for each password) to determine your password via common attack strategies.
We Only Reset Your Password
We can't tell you your password due to how we safeguard your password, so if you forget your password, we need you to reset it. This if for everyone's safety so pardon the inconvenience!
Our dedication to online safety and security doesn't end with passwords - we consistently monitor security issues and our product for areas where we can improve. To learn more visit the Trust section of our website.