+ Add Question

I have your premium package. How secure is the data that I enter in my Todoist?

DW

All responses

David Trey staff
Replied on Sep 07, 2011 - 10:01

Hello Don,

as a Premium Customer, all your data is being transferred to and from Todoist using a 256-bit SSL encryption (certificate verified by Equifax, see - Right-click -> Page Info -> Security for more details) and is being backed up daily. Soon, we will introduce an option to store your data locally on your computer.

Right now, the data is stored on our hosting provider: Amazon Web Services. For more detailed information about AWS' security please visit this page:
http://aws.amazon.com/security/


Best regards,
David

U
Unknown
Replied on Feb 22, 2012 - 13:06

I'm not so concerned about SSL or your server protocols, but I noticed you don't have users re-authenticate before changing username, email, or password. Kind of a 101 for security.

Specifically, are you hashing our passwords and adding a unique salt? Can you discuss a bit about steps you've taken to make the application level secure?

Thanks.

Amir Salihefendic staff
Replied on Feb 22, 2012 - 17:17

Yes, we are hashing your passwords and using an unique salt. For hashing we are currently using sha1, but we may change to bcrypt soon.

Best regards,
Amir