Entrusting a web application like Pelotonics with sensitive information about your projects, company, and employees is serious decision, and we want to make it an easier one for you. Over the last few months, Pelotonics has done a thorough security audit and tightened up site features to safeguard your data. Here’s a rundown of what’s changed.

• Pelotonics no longer includes passwords in system messages. Email is an inherently insecure way to transmit information. All the text of your email passes through several servers and networks, in plain text, easily read by anyone with access to those servers or networks. Now, when you sign up for an account at Pelotonics, you’ll receive an activation link via email instead of your password. Click on the link to set your password using a secure SSL connection. Your password will not be included in any system email messages. As always, Pelotonics encrypts your password and credit card details when they get stored in our databases.
• Pelotonics will lock down your account in the event of a brute force attack. A common way to hack into a username/password-based system is to use what’s called a “brute force” login attack, wherein the attacker, armed with a system user name, uses a program that systematically tries thousands of dictionary words as the password to log in one after the other. To defend against such attacks, Pelotonics now locks down your login after a certain number of failed attempts. Pelotonics will automatically unlock your account after a few minutes to try again.
• Pelotonics uses a secure connection when you enter personal information. On all password and profile setup pages, Pelotonics uses a secure, https connection that encrypts the data you’re entering as it’s transmitted over the network.

For more on how we’re working hard to secure your important data, visit our new security response page, and contact us with any security-related questions.

Popularity: 2% [?]

Tweet This Post