I just read this article about how someone made a Firefox extension to steal sessions from popular websites. Are you kidding me? Security isn’t an easy thing, I’ll admit. And maybe we take security to the extreme. But seriously, it’s amazing how many other sites don’t even do the basics. When choosing any service that involves sensitive information, especially sensitive financial information, I’d suggest always looking for the following:
- Make sure the address starts with https://. (Sometimes this is replaced with an icon of a little padlock.) This means it’s using the “secure” version of HTTP, which is the protocol that powers the web. Make sure it’s there from the very first page you load, and stays there as you browse the site. Sure, it’s a bit more expensive for the company. But it’s the least we can do.**
- Look for PCI compliance. Or, if not that (because it’s pretty intense), at least *some* indication they’re using a third-party approved security framework.
- Look for strong partnerships, such as banks and financial institutions. These guys take security really seriously, so if they’re on board, it’s another vote in the site’s favor.
Real security often isn’t easy. But most important things aren’t.
** Note: I should highlight that this blog doesn’t use HTTPS, but it’s also not asking you for anything. When you sign in to Expensify proper — at https://expensify.com — every connection is secure.
What kind of sensitive information do you keep at Expensify? As I understand, there is no credit card information, e.g. PAN, expiration date, and name.
Do you encrypt all the data or only username and password to access credit card reports?
And you mentioned 2 separate keys.
If one of you died (God forbid), wouldn’t you have a problem decrypting the information on the server?
@tnn – We use different types of encryption for different types of information so it tends to get complicated. But for the 2 separate keys, we do have a system to deal with the scenario where one of the key custodians is unavailable: we call it “breaking the glass” because it is a big pain and leaves a huge paper trail. But that’s why we keep a lot of servers on hand such that we’re never in a situation that absolutely requires both keys *right now* — we have the luxury of waiting until both keys are available.
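To make the dual-custodian arrangement and the “breaking the glass” fallback concrete, here is an added Python sketch that is not Expensify’s code and assumes its own design: a key-encryption key that only exists when both custodian shares are present, a wrapped data key, and a sealed escrow copy whose use always appends an audit record.

```python
import hashlib
import hmac
import secrets
import time

def _prf(key: bytes, label: bytes) -> bytes:
    # HMAC-SHA256 used as the single PRF for derivation, keystream and MAC.
    return hmac.new(key, label, hashlib.sha256).digest()

def derive_kek(share_a: bytes, share_b: bytes) -> bytes:
    """KEK that can only be derived when BOTH custodian shares are present (2-of-2)."""
    return _prf(share_a, b"kek|" + share_b)

def wrap_dek(kek: bytes, dek: bytes) -> dict:
    """Encrypt-then-MAC wrap of a 32-byte data key under the KEK (one PRF block suffices)."""
    if len(dek) != 32:
        raise ValueError("data key must be 32 bytes")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dek, _prf(kek, b"enc|" + nonce)))
    tag = _prf(kek, b"mac|" + nonce + ct)
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def unwrap_dek(kek: bytes, env: dict) -> bytes:
    """Verify the tag first, then recover the data key; wrong KEK fails closed."""
    nonce, ct = bytes.fromhex(env["nonce"]), bytes.fromhex(env["ct"])
    expected = _prf(kek, b"mac|" + nonce + ct)
    if not hmac.compare_digest(expected, bytes.fromhex(env["tag"])):
        raise PermissionError("wrong key material or tampered envelope")
    return bytes(a ^ b for a, b in zip(ct, _prf(kek, b"enc|" + nonce)))

def make_escrow(kek: bytes, glass_key: bytes) -> bytes:
    """Sealed copy of the KEK: one-time-pad it with an offline 'glass' key kept separately."""
    return bytes(a ^ b for a, b in zip(kek, glass_key))

def break_glass(escrow: bytes, glass_key: bytes, actor: str, reason: str, audit: list) -> bytes:
    """Recover the KEK with only one custodian; every use lands in the audit trail."""
    kek = bytes(a ^ b for a, b in zip(escrow, glass_key))
    audit.append({"event": "break_glass", "actor": actor, "reason": reason,
                  "at": int(time.time()),
                  "escrow_id": hashlib.sha256(escrow).hexdigest()[:16]})
    return kek

if __name__ == "__main__":
    # Constructed demo: two custodian shares, one data key, one offline glass key.
    a, b, glass = (secrets.token_bytes(32) for _ in range(3))
    kek = derive_kek(a, b)
    env = wrap_dek(kek, secrets.token_bytes(32))
    trail = []
    recovered = break_glass(make_escrow(kek, glass), glass, "oncall", "custodian B away", trail)
    print(unwrap_dek(recovered, env) == unwrap_dek(kek, env), trail[0]["event"])
```

The normal path needs both shares; the escrow path needs the separately stored glass key and leaves a record, which is the “paper trail” property the reply describes.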