Hi all,
As part of our efforts to ensure that our customer data is always protected, a new feature has been introduced to the support ticket system here @ this site; Secure Data Storage.
After you post a support ticket, you will be shown a new button next to the "Attach files" button in the Quick Reply box, Attach secure data
This button will open a new page where you will be shown this page:
As it says on the screen, any data you enter here will be encrypted with an entirely random secret key that is never stored on our servers. This secret key is emailed both to you and to the assigned agent. When the assigned agent wishes to view the information, they must provide the secret key, which is stored in a cookie on their computer until they close their browser or they log out.
A decrypted copy of the data is never saved to our database.
This means that even if our database gets compromised (heaven forbid!), your data will always be encrypted.
You can delete the data at any time, without needing the secret key.
If you should lose your secret key, or you wish to erase your data, you can delete the data either from the screen that asks you for your secret key, or from the support ticket thread itself.
We still recommend you change the data on your server after the data is no longer necessary.
This solution is not a perfect security solution. If either your email account or the assigned agent's email account gets compromised, then your secret key will be readable by whoever gained access.
This solution aims to address one, and only one, specific threat model: The unlikely event where our servers get compromised. This solution provides better security than sending your access information to the support agent via private message / conversation, where they can be read by a malicious attacker.
Our servers have not been compromised.
This is not a reactive solution, but a proactive one. It is always preferable to improve security before an attack happens, rather than after.
Screenshots:
The new button, which will only show up if you are the thread starter.
Enter your data here, and it will be encrypted before being saved to our database.
Your secret data displayed within the support ticket, after you or the assigned agent have entered the secret key.
Your secret data hidden after clicking the "hide" button, which erases the cookie from the browser.
After confirming, your data will be erased. If you fill out the data again in the future, even if the data is the same, the secret key is different.
Your secret data (even in its encrypted form) is not visible to guests, or logged in users, who are not you nor the assigned agent.
Users who are not you nor the assigned agent do not even have the option of entering the secret key to reveal your data.
As part of our efforts to ensure that our customer data is always protected, a new feature has been introduced to the support ticket system here @ this site; Secure Data Storage.
After you post a support ticket, you will be shown a new button next to the "Attach files" button in the Quick Reply box, Attach secure data
This button will open a new page where you will be shown this page:
As it says on the screen, any data you enter here will be encrypted with an entirely random secret key that is never stored on our servers. This secret key is emailed both to you and to the assigned agent. When the assigned agent wishes to view the information, they must provide the secret key, which is stored in a cookie on their computer until they close their browser or they log out.
A decrypted copy of the data is never saved to our database.
This means that even if our database gets compromised (heaven forbid!), your data will always be encrypted.
You can delete the data at any time, without needing the secret key.
If you should lose your secret key, or you wish to erase your data, you can delete the data either from the screen that asks you for your secret key, or from the support ticket thread itself.
We still recommend you change the data on your server after the data is no longer necessary.
This solution is not a perfect security solution. If either your email account or the assigned agent's email account gets compromised, then your secret key will be readable by whoever gained access.
This solution aims to address one, and only one, specific threat model: The unlikely event where our servers get compromised. This solution provides better security than sending your access information to the support agent via private message / conversation, where they can be read by a malicious attacker.
Our servers have not been compromised.
This is not a reactive solution, but a proactive one. It is always preferable to improve security before an attack happens, rather than after.
Screenshots:
The new button, which will only show up if you are the thread starter. Enter your data here, and it will be encrypted before being saved to our database. Your secret data displayed within the support ticket, after you or the assigned agent have entered the secret key. Your secret data hidden after clicking the "hide" button, which erases the cookie from the browser. After confirming, your data will be erased. If you fill out the data again in the future, even if the data is the same, the secret key is different. Your secret data (even in its encrypted form) is not visible to guests, or logged in users, who are not you nor the assigned agent. Users who are not you nor the assigned agent do not even have the option of entering the secret key to reveal your data.