The next step to improve your account security

Friday, May 7, 2021
The next step to improve your account security

The next step to improve your account security

SMART VALOR strives to implement every measure possible to ensure the security of each user's account. In addition to the roll out of the anti-phishing code feature , SMART VALOR has introduced a proactive monitoring of security practices, based on guidelines published by the National Institute of Standards and Technology (NIST) and other important players in the space. This ensures that the account passwords are audited against public databases of passwords involved in data breaches. If it is discovered that your password is pwned (the password has a match in one of these databases), SMART VALOR will notify you and will recommend, that you change your password as soon as possible.

What is a pwned password?

A password is said to be pwned if it has been compromised – meaning the password is publicly known for a web service. By default, short and simple passwords, dictionary words and sequential characters are likely to have already been pwned. (e.g. the name of your children combined with year of birth, your pets’ names, etc.). Long, complex passwords are not always spared either. Leaks from and breaches on insecurely implemented applications/systems expose users’ passwords, which are then used by fraudulent players to brute-force into user accounts elsewhere. This can happen also when an unauthorized third-party seizes control over a user’s computer or other hardware systems.

How does SMART VALOR use passwords?

User passwords are never sent to any services or companies outside SMART VALOR. All passwords are hashed – that is, they are cryptographically translated to secure it from anyone with a malicious intent – and compared with the password hashes available from the databases. Neither are the passwords ever used alongside email addresses or any other personally identifiable information. Even if somebody would know about this hash – it is almost impossible to reverse-engineer the customer’s password.

How can the security of an account be improved?

If your password matches a password found in previous data compromises, SMART VALOR will notify you. This does not indicate that the SMART VALOR account has been compromised. However, it is highly recommended that you update your password - not just on SMART VALOR but any other services, where you may have used the same password.

In addition, SMART VALOR underlines the use of anti-phishing codes to distinguish authentic SMART VALOR emails from phishing attempts and 2FA (2nd Factor Authentication) to prevent criminals from intersecting an account.