Security Information

The security of your information is important to us. We know that the information we store is confidential and so we made the safekeeping of this information a top priority. Through SSL, FIPS 140-2, and FIPS 197, we use the same standards as most police databases. See the headings below to learn more about the protocols we use.

Secure Socket Layer (SSL)

On the internet, it is hard to know for sure that the data you are sending is only being seen by the intended recipient. It is possible for attackers to act as a “man-in-the-middle” (MITM) and intercept communications between two parties. To ensure that any MITM attackers don’t receive any sensitive information, data transmissions from your computer to our server are encrypted with Secure Socket Layer (SSL) technology.

Without SSL, data is sent as plain text. This means when you type in “password123” in the password field, it is sent over the internet as “password123.” With SSL, data is encrypted so that the same phrase is sent as “EnCt2bbc929747593056f3c4c41c52504138a56832477bbc929747593056f3c4c41c5eskJODOUlgJ1b6gGo1aDmGIdqqTe5QFP8w==IwEmS.” Without the right key, this data cannot be turned back into a readable form.

Learn more about SSL »
Federal Information Processing Standards (FIPS)

Federal Information Processing Standards, or FIPS, are a set of standards that define processes for handling data, including encryption used by government contractors and agencies. We use the same standards for data protection and encryption, specifically FIPS 140-2 and 197. FIPS 197 defines the "Advanced Encryption Standard" (AES) that is used by government agencies including the NSA for securely storing data.

Two-Factor Authentication (2FA)

Multi-factor authentication, more specifically Two-factor authentication, requires two different verifications of your identity before permitting access into the system. Normally, there are three authentication factors:

  • A Knowledge Factor (something you know - username/password)
  • A Posession Factor (something you have - mobile phone, hardware key)
  • An Inherence Factor (something you are or do - voice, fingerprint, other biometrics)
In EPAS, we use the first two factors. The login process begins as it does on any other site with your username and password (knowledge factor). We then take it one step further and our automated system will send a text message to your phone (posession factor), or call you, with a one-time verification code. In this way, gaining access to your account isn't as simple as acquiring your username and password. A possible attacker would have to have both your credentials and your mobile phone. The likelihood of that happening is significantly less than simply acquiring a username/password.

Learn more about 2FA »