
Commitment to Security

We have established very strong safeguards to ensure that your account information is never disclosed. Your IM, email, and social network account passwords are encrypted in a way which prevents them from being retrieved by anyone including all DOTSYNTAX LLC employees. To ensure you feel comfortable using Digsby we are disclosing the practices we use to keep your information secure. We will try to explain the technicalities in layman's terms.

There are two ways to encrypt a password.

  • The first is to cryptographically hash your password. The resulting hash is irreversible: you cannot convert it back into a password. However, putting the same password through the hashing algorithm will always result in the same hash.
  • The second is to encrypt using a key. If you know the key you can decrypt the data.

In order to protect your account information we store only the hash of your Digsby password on our servers - not the password itself. Whenever you log into Digsby you DO NOT send us your Digsby password. You send the hash of your password and that is compared to what we have stored in order to authenticate you.

When your IM, email, and social network account passwords are sent to our servers they are encrypted using the plain text version of your Digsby password, which is not stored anywhere on our servers. As a result, no one at Digsby can access your passwords because the key used to decrypt them is not stored anywhere on our servers - only the hash of it is, which can't be used to decrypt your passwords since it is irreversible.

If our entire system is compromised (and there are MANY precautions to prevent that) the data is useless to a hacker. Your Digsby password is not stored on our system and that is the only key which can be used to decrypt your account passwords.

This security comes with a little inconvenience. If you forget your Digsby password, we cannot retrieve it for you. An email will be sent to the registered email address on file with instructions on how to reset your Digsby password. On the page where you reset your password, you will need to re-enter the password for all your accounts so they can be re-encrypted with your new Digsby password. There is no way for us to do this since we are unable to decrypt them.
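The scheme described above, as an added illustration that is not Digsby's own code: the server keeps a login hash and an encrypted blob, the decryption key is derived from the plaintext password on the client, and a reset password cannot open the old blob. The page names no algorithms, so PBKDF2-HMAC-SHA256, the per-user salt, the iteration count, and the HMAC-based stand-in cipher are all assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor; the page names no algorithm

def login_hash(password, salt):
    # Sent at login and stored server-side; cannot be reversed into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"login" + salt, ITERATIONS)

def vault_keys(password, salt):
    # Derived on the client from the plaintext password; never sent or stored.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), b"vault" + salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]  # (encryption key, MAC key)

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode, so the example needs only
    # the standard library. Use a vetted AEAD (e.g. AES-GCM) in real code.
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(password, salt, secret):
    enc_key, mac_key = vault_keys(password, salt)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, secret)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(password, salt, blob):
    enc_key, mac_key = vault_keys(password, salt)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None  # wrong password or tampered blob
    return _xor_stream(enc_key, body[:16], body[16:])

def demo():
    salt = os.urandom(16)  # constructed per-user salt, stored with the record
    # Everything the server holds: salt, login hash, encrypted account password.
    server = {"salt": salt,
              "login": login_hash("old master pw", salt),
              "vault": seal("old master pw", salt, b"im-account-password")}
    return {
        "login_ok": hmac.compare_digest(server["login"], login_hash("old master pw", salt)),
        "owner_decrypts": unseal("old master pw", salt, server["vault"]),
        "after_reset": unseal("new master pw", salt, server["vault"]),
    }
```

Because the server compares the submitted hash directly, the stored hash acts as the login credential, so it still needs protecting even though it cannot decrypt anything.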

This is nothing new and we're not revealing anything compromising about our security practices. We want to be open with our users and felt you should know what is being done to secure your data. Any security expert will vouch for the fact that this is exactly what we SHOULD be doing. Rest assured that your data is safe and we'll always do our best to keep it that way.

Last modified: 2010/08/18 13:08 by steve
Copyright © 2007-2017 dotSyntax, LLC.   All Rights Reserved