Concord Security, Privacy, and Strong Passwords
Concord was built using a number of industry-standard security systems to protect your data. These methods take many practical steps to avoid the common issues that trouble many services on the Internet.
The Privacy of Your Data
We take the privacy and security of your data seriously.
Our privacy policy is written with the idea that the data you place in Concord are yours. The policy states that the Church will not access your data without your consent or unless the Church has a legitimate legal reason to access it.
We hope both our privacy policy and our various security protections will give you confidence to trust us with your data.
Passwords
The only way that Concord knows which account is yours is when you log in with your unique username and password. If someone else is able to guess your password, then many of our security protections are rendered ineffective. As such, we ask our users to create a strong password that is 12 characters (or longer).
TIP: If you are using your own computer, you can use your web browser's password “save” functionality to always remember the password for you. By doing this, you won't have to type the password every time. See the knowledge base article here for instructions on how to set up your browser to do this.
NOTE: To protect your Concord account, do not save your password if you are on a public or shared computer.
Additional Protections
Here are some additional security protections:
We protect the networks used by our servers with a number of standard security measures including firewalls and unified threat management systems.
We have an independent cybersecurity organization run periodic penetration tests on the Concord infrastructure and on the Concord application itself. We prioritize the repair of any findings.
We developed Concord with the Java Spring Security framework to help protect against common code-based attacks.
We install a minimal number of packages on the Concord servers and patch them regularly. This protects against using software with known security vulnerabilities.
All communications between our servers and yours are encrypted using SSL/TLS. Our certificates use an RSA 2048-bit key, our servers have HTTP Strict Transport Security (HSTS) enabled, and we have disabled protocols that could be used to execute a downgrade attack.
Data fields that could contain sensitive data such as citations, comments, lists, etc. are stored in the Concord database using AES-128 encryption with a SHA-512 hash.
We take the security of your data seriously. If you believe your account data has been compromised in any way, please contact the Customer Care Center at 1-617-450-2700. We hope you trust Concord to store your data securely.