February 21, 2012
When accessing mite on the web, we offered optional HTTPS from very early on. Today, we switched to HTTPS-only. Thus, the connection between your browser and our servers will always be encrypted. Just like in online banking.
HTTPS is especially helpful when you access mite over an unsecured Internet connection like a public wi-fi network. There are no disadvantages to HTTPS for you. Therefore, HTTPS is always activated.
Besides switching to HTTPS-only, we launched some more updates to improve the security of mite. For example, if you forgot your password, mite will now e-mail you a link to change your password yourself. We introduced the same process to inviting new team members to your account. Several updates in the background accompany these changes, e.g. stronger algorithms for password encryption.
While we work hard to secure your data, you can help, too. The best point to start is to choose a secure password which you only use in mite. A secure password cannot be found in a dictionary. It consists of at least eight characters, and it mixes letters, numbers, and special characters.
API developers, listen up please!
We will switch our API to HTTPS-only, too. If you do not access the API via HTTPS yet, please update your code. Starting March 30th, the mite.api won’t accept HTTP requests anymore. Hopefully, five weeks will be more than enough time to change your code unhurriedly. Please support this update and help make mite more secure!