What encryption is being used in Intuitive Password services?
Intuitive Password uses AES-256 as well as PBKDF2. The AES-256 encryption algorithms are approved by the US Government for protecting top secret data. AES-256 is implemented on the both client-side and server-side for all Intuitive Password services. This is important because your sensitive data is always encrypted on your web browser before being sent to the Intuitive Password servers. Your password is never stored anywhere on our servers in any form. No one at Intuitive Password can decrypt your data without you giving up your password, and we will never ask you for it.
Why does my browser indicate that Intuitive Password has an invalid SSL certificate?
Most certificate warnings are caused because your PC's clock is not set correctly. Verify that your clock is set to the correct day, month, and year and retry. If you still experience the issue, then your PC may have had its default list of certificates modified in some manner. Many employers change the standard certificate settings to allow them to have greater control over what sites employees visit and in some instances to allow them to monitor all HTTPS traffic. Please check with your network administrator to determine if this is the case. If you are using Windows XP be sure you update to Service Pack 3, it contains the ability to utilize SHA-256 certificates.
Why do I have to answer the security question when I login?
You will be asked to answer a security question only if you login to your Intuitive Password account on a computer or a device that the system doesn't recognize. Every time when you login to your Intuitive Password account, your geo-location details and IP address are being logged on our servers for security auditing purposes. If you are logging into your account from a different location next time, Intuitive Password will prompt you for an additional verification to ensure that your are the right person.
What are phishing scams and what steps can I take to protect myself against them?
Phishing is a scam where a criminal uses fake or partial information to try and trick someone into revealing passwords or other confidential information. To avoid falling prey to such scams, it is critical to understand what phishing is and what you can do to protect yourself. Intuitive Password has developed a great anti-phishing technique that can be used to protect you from phishing scams. Check out this article here for more information.
How many invalid login attempts can occur before a lockout?
Intuitive Password will lock you out of your account for 20 minutes after 5 invalid login attempts.
Why do I have to answer a security question, even though I logged in from the same location as last time?
By default, Intuitive Password uses IP address to help you see a history of where your account has been accessed from. IP addresses are also used to detect if you're logging into your account from a new location, so that we can prompt you to verify the new location before granting access to your account. Intuitive Password uses third party geolocation databases to identify the country of origin for IP addresses. However, accuracy for geolocation tools may vary for a variety of reasons. Accuracy rates on determining the country are reported as 95%-99% accurate, it also depends on your Internet Service Provider (ISP) and the data they make available for the public IP address. Unfortunately Intuitive Password cannot control what the third party database detects as the location for a given IP address.