The websites of abbywinters.com BV and our business partners implement best practices in security standards.
The biggest risk is a customer selecting an insecure password – we require reasonably secure passwords when joining, but they can still be cracked. We always recommend long, complicated passwords with lower and uppercase letters, numbers, punctuation, and other special characters.
Some example secure passwords (do not use these!):
xO^yxSCxYx&\Scgt a*aV=#`:vt_erWW, C9UMl2u=O=KR#`%" 5\pU:GFVUxXRaQ-, 6NN3ttn|#ud#85d_ QmVy.Qg2'Rh~=+/=
Of course, these are impossible to remember, so we also recommend the use of Password Managers, such as LastPass (a browser plugin) or KeePass (an application on your computer). These make password management easy (you only have to remember one master password), and help you make all your internet accesses secure.
Security steps we take on abbywinters.com
We use HTTPS (secure hypertext transfer protocol) for all pages on abbywinters.com, a well-established method of ensuring communications are encrypted. This prevents eavesdropping and tampering with information between us and you.
We use 256 bit encryption to protect the information you provide, from when you enter it to where it is stored in our database. Data is encrypted and “salted” (one-way encryption that can never be decrypted), which means we can never see your password. When you’re asked to enter your password, it’s encrypted and salted the same way, and if the result matches what we have on record, you’re authenticated.
This is what a salted password looks like in our database (this might be for a simple password like “bigstuff69”):
However, we do securely log incorrect password attempts, to assist our business in providing better security to the site, and to assist customers. These can be decrypted by authorised admin users.
Access to our administration areas (for example, to add new scenes) is password protected, and users must also present an SSL certificate.
Our Systems Administrator works to keep our servers up to date, using the latest most-stable versions of software (for example, Linux, Apache, PHP, MySQL, Memcached).
We provide bounties to ethical hackers who expose flaws in our security systems.
Security steps our billing partner takes
Our billing partner GMBill.com (https://www.gmbill.com) handles management of customer subscriptions and processing of customer credit cards. Credit card numbers are securely stored in a digital “vault” held by a third party specialist. GMBill.com does not have your card number but instead uses a token to communicate with the vault when charges are made against your card.
As you join, or look up your account info on GMBill.com, you’ll see a small padlock icon in the address bar of your web browser. Double click on that for additional security information.