File Steward balances security and ease of use. We take the strongest security measures possible while making a system that is simple and easy to use. Data is secured in transit, and on our servers, using state of the art techniques.
Files and messages are secured end to end with File Steward. We use SSL (Secure Socket Layer, which is the "https" you see in front of the website addresses) to secure data between our website and our users' computers. We use AES (Advanced Encryption Standard) with a 256 bit key to secure files and messages on our servers. This is the same technology the government uses to secure top secret documents.
We also purge files as soon as possible in accordance with the message's retention policy, which is specified when it is sent. The short time files and messages remain on our servers act as another security measure.
We take several measures to ensure our user account security:
- User accounts are not activated until they are confirmed via a link we email to the user. This ensures that the email holder is the one setting up the account.
- We don't store user passwords, we store a cryptographic hash instead. When a user logs in, the password they give us is hashed and compared to the hash we have stored. If they match we know it is the correct password. This makes it impossible for anyone, even for our employees, to get a user's password.
- Since we don't store the password we can only reset it. When we do reset a password for a user, that temporary password is emailed to them, again ensuring only the email account holder has control of the account. Once they log in they have to change the temporary password before proceeding.