The safety of user data and traffic between server <-> user is ensured in different ways, some are even optional.
Passwords are not stored directly, they are "hashed" which basically means a checksum will be calculated and this checksum stored... so we don't check your password, but the checksum (="hash").
Doing so will display upon a click of "login" a longer password than you typed in. That's because it gets "hashed" and then sent over the net.
This happens if you do or not do use SSL.
SSL (https:// instead of http:// in the address bar) is used automatically.
What does it mean?
The complete traffic between you and the server will be encrypted, this means, if somebody tries to sniff out data, he won't have much luck.
The security level is identical to major banks and other institutes.
Due to our obligation to keep information safe when we transmit, this applies for all our subdomains (forum, wiki) too.
From the outside, only services necessary are available. No direct database access from the outside is possible. You have to be on the server to do that.
The servers are located in a datacenter that is protected 24h / 7 days a week and has restricted access including cameras and personnel.
Direct access is done via SSH, which means everything I do on the server happens via an encrypted line. If I move files in, they are encrypted, and so on.
In the case the server crashes, burns down, whatever, there are multiple backups each day in progress that get send to about 4 remote locations elsewhere in the datacenter and in another datacenter which is independent from the first one.
So in case a nuclear strike gets the first, the second will survive... but in this case, I think the least we have to worry about is the data of your char ;)
How can I keep my password safe?
Simple. Don't write it down. Use a combination of letters, numbers and special chars. Mix high with lower case chars.
Have it unique, don't use it elsewhere.
Now, doing so would probably leave you with 40 or more passwords for everytiny webpage you have ever visited... Oo
Here are suggestions:
- Store nothing locally where others can get access while you are not there, preferrably an USB stick. Note: Cheap sticks carry a high risk of data loss. Do regular backups and encrypt them! (Software mentioned a few lines below)
- Use a password safe, store the data preferrably on an USB stick or something handy you can carry with you (I use KeePass 1.1 for instance because it's good AND free)
- If you do want futher safety to even hide there is a password safe or password text file... encrypt your data. I recommend TrueCrypt as there is also a portable version you can carry along so you can decrypt anywhere (you need Administrator Rights on that machine, though!)
- Don't share your password! Ever! If you need to (long leave, whatever), make a new password you can tell, once you get back, change the password back, and make sure your email address set for your character is still the same...