When DACCAA was first created, it was only ever intended as a small user project. A place where I could test our new ideas and further my knowledge of code. Today DACCAA has grown to a point where we have a substantial amount of unknown users. This means it is time to rethink the privacy and security of DACCAA.
Expected late 2019, there will be a brand new login page. This will hopefully streamline your login process but also will add a lot more security. The current login page will always ask for your email and password, and two factor authentication code (for those of you who have set that up). We have found this to always be sufficient however we want to take the experience further. We will start adding additional checks to see if you are logging in from a new country or even a new area. This is all part of the brand new DACCAA SecureLogin Algorithm.
We also will change the way cookies work. You will then be able to delete individual "remember me" sessions and check what devices are currently being remembered.
We are also considering updating our password policy to enforce stronger passwords.
DACCAA has always had admin and staff areas within the website for authorised people to access. We have reinvented the staff area to mask sensitive user information such as email addresses and staff can only see ages - not dates of birth. This was done in case DACCAA ever needs to widen its "staff" to protect users information.
DACCAA has always kept logging to the smallest amount possible. We recently added a feature that would tie your search history to your account, so you could look over recent searches. We monitored the usage of this feature and found it wasn't being used as much as we had anticipated. We will therefore be removing all logging of searches through DACCAA for both registered and non-registered users.
We will be potentially increasing the amount of information collected on each login to better assess when it is a genuine login attempt or whether it is a malicious actor.
We are also considering a database redesign that would coincide with the new login system. This would reduce the amount of data redundancy and would mean if any of our tables were compromised less information could be stolen.
We are also continuing to audit older services to make sure they are using the latest technologies to make sure they are as secure as they possibly can be.
We will also be redesigning DACCAA social to be released sometime this year. It will be a brand new design but we will be taking a privacy first approach, allowing you to choose what you share. You will still have the option to hide your profile as well, should you wish.
These are just some of the changes planned for DACCAA. If you have any comments, feedback or suggestions then do not hesitate to let us know. You can do this, as usual, through DACCAA Support.
© Danny Franklin 2019