Security is paramount for online systems. AlchemyWorks regularly review systems, current threats and best practices for secure operations. Methodologies include, but are not limited to;
SSL - Systems are accessed via encrypted SSL connections, ensuring server identity and protection from man-in-the-middle attacks. AlchemyWorks software will refuse to operate unless a valid SSL connection is present.
Passwords - Each user is allocated a unique ID and password which can only be used for one concurrent service connection. Password strength can be determined by the administrator, relevant to a particular clearance level, and is stored as a salted SHA256 hash. Passwords are never sent across email, and reset is by means of a randomly generated time limited token.
Cookies - Session cookies consist only of random data and contain no user or identification information. They are also regularly rotated during activity and are normally deleted at end of a browser session. It is possible to store a user cookie that contains the account domain and user name for ease of login, however this should not be enabled on any shared or public computer.
Encryption - The document management system individually encrypts all documents, and they are stored separately from the main database, which is also encrypted at rest.
Secure Environment - Servers are in a physically secure environment, with access protected by firewall. Support and administration systems cannot be accessed directly across the Internet.
Intrusion Detection - Systems actively monitor and log common vectors of attack for analysis and investigation.
