tastyworks handles the Security of your Account and your Personal Information very seriously. We consider Security from top to bottom within our organization, and design and deploy a myriad of Defensive System Configurations, Security Devices, Sentinels and Real-time Monitoring systems to protect access and privacy surrounding your Account.
As a rule, we encrypt as much of the data and interactions with you as possible, which means encrypting the data at rest, in use and in transit. We employ industry recognized and adopted high standards in encryption protocols to protect the data that flows between you and our systems (TLS v.x, xxxx-bit). Your connection to our servers are signed with SSL Certificates issued from well-known and trusted authorities to ensure that you can trust that you are communicating with us and not some imposter.
To protect your identity and access to your Account we hash your passwords and other important security credentials to make it very difficult to determine what they are, even if someone has direct access to the raw information.
At tastyworks, we strongly encourage the use of Two-Factor Authentication, and even require it for certain sensitive actions like transferring your funds out, changing your contact information and other dangerous requests.
tastyworks regularly reviews, assesses, audits and fortifies our systems and code. We engage professional security consultants to identify and assess security vulnerabilities, proactively test our defensive measures, and independently review our systems.
We monitor employee access to data, run background checks, segregate internal business units and their access to information as necessary. We control access to our Networks with very stringent policies and controls.
We do our part to protect you and your Account, but you can help protect yourself with the following practices:
Use Two-Factor Authentication. We utilized Two-Factor Authentication in a myriad of places which means you’ll need to have access to the device that is providing that second factor for certain operations. In general, this means having access to the mobile phone that you’ve registered with us. Please understand that if you do not have access to your verification device, there may be some extra steps to complete your action. We hope that you understand how this system protects you, even if it is sometimes inconvenient.
Choose a strong password. Part of a good strategy for security is to choose Strong Passwords, and more importantly ones that are not shared with other accounts at other organizations. This way, a compromise at another company will not inadvertently give away your credentials here at tastyworks. For a list of bad passwords, take a look at this list:
500 Worst Passwords
Monitor your account activity. Make sure you are aware of any changes or activity in your account, and if you see anything which you can’t explain, please notify us immediately. We will normally try to notify you using emails, sms messages or push notifications for certain changes in your account, but there may be some instances where you may notice something wrong before receiving a notification from us.