Jottacloud

Data leakage means that private information that you have registered on a website or service is leaked or stolen. For example, login information. In recent years, several well-known companies, such as Twitter, Facebook and LinkedIn, have been exposed to data leakage.

In this article we will take a closer look at what Jottacloud does to protect our customers, and what you should do if your login information has been leaked.

Login information includes username / email address and password.

You can easily check if your email address and/or password has been leaked <a href="https://haveibeenpwned.com/" target="_blank" rel="nofollow noopener noreferrer">here</a>.

What is Jottacloud doing to protect our customers?

Every time you log in with email address and password, Jottacloud checks if your password has been leaked ​

If it has been leaked, we will ask you to confirm that you are the correct owner of the email address by sending an authentication code when logging in

Jottacloud employees can neither see nor store your password. When you log in, our login system checks if your password is found in a public list of leaked passwords. ​ ​

We will not send an authentication code if you have enabled two-factor authentication or if you log in with Facebook, Google or Apple.

1. Every time you log in with email address and password, Jottacloud checks if your password has been leaked ​
2. If it has been leaked, we will ask you to confirm that you are the correct owner of the email address by sending an authentication code when logging in
 Jottacloud employees can neither see nor store your password. When you log in, our login system checks if your password is found in a public list of leaked passwords. ​ ​
 We will not send an authentication code if you have enabled two-factor authentication or if you log in with Facebook, Google or Apple.

What you should do if your email address or password has been leaked:

Activate two-factor authentication. Two-factor authentication is a two-step login process. In addition to your username/email address and password, you must enter a code that you receive on an authenticator app or SMS when you log in.

Two-factor authentication is a security measure we recommend regardless of whether you have been exposed to data leakage or not. ​<a href="https://docs.jottacloud.com/en/articles/1292931-guide-to-two-factor-authentication-in-jottacloud">You can read more about two-factor authentication in Jottacloud here.</a> ​ ​

Change password. We recommend having a unique password for each website. ​ Here are 2 tips on how to create a secure and strong password:

- Create a long password, preferable a sentence
- Create a password that contains numbers, symbols, spaces, and uppercase/lowercase letters. Make sure you don’t include numbers or words that can be associated with you or the service the password is for
 Another good option is to use a password management program such as <a href="https://1password.com/" target="_blank" rel="nofollow noopener noreferrer">1Password</a> or <a href="https://authy.com/download/" target="_blank" rel="nofollow noopener noreferrer">Authy</a>. These programs create unique and strong passwords for you.

1. Activate two-factor authentication. Two-factor authentication is a two-step login process. In addition to your username/email address and password, you must enter a code that you receive on an authenticator app or SMS when you log in.
 Two-factor authentication is a security measure we recommend regardless of whether you have been exposed to data leakage or not. ​<a href="https://docs.jottacloud.com/en/articles/1292931-guide-to-two-factor-authentication-in-jottacloud">You can read more about two-factor authentication in Jottacloud here.</a> ​ ​
2. Change password. We recommend having a unique password for each website. ​ Here are 2 tips on how to create a secure and strong password:
 - Create a long password, preferable a sentence
 - Create a password that contains numbers, symbols, spaces, and uppercase/lowercase letters. Make sure you don’t include numbers or words that can be associated with you or the service the password is for
 Another good option is to use a password management program such as <a href="https://1password.com/" target="_blank" rel="nofollow noopener noreferrer">1Password</a> or <a href="https://authy.com/download/" target="_blank" rel="nofollow noopener noreferrer">Authy</a>. These programs create unique and strong passwords for you.