A Secure, Encrypted Site (https)

Monday, May 22nd, 2017
When RateTea was founded in 2009, it was a home-brewed site of low consequence. The site has never sold anything, and we do not manage payments or collect any credit card or banking info. Initially, the website didn't use any sort of encryption.

[Image: screenshot of the padlock in the browser URL bar. Caption: The padlock icon shows a secure connection in Google Chrome.]

Over time, as identity theft has become a bigger issue, security has become more important. In this day and age, even low-stakes website usage can have security consequences. We have never seen any evidence that a RateTea user's account has been hacked or compromised on our site directly. However, our old, unencrypted site posed a potential risk to users: people eavesdropping on a network could intercept your email and password when you logged into our site, which could pose a security risk if you used the same password at other sites.

In order to protect users, we have moved over to HTTPS, a more secure protocol that encrypts the connection between your browser and our site.

Even before this, we have always stored passwords as one-way hashes rather than in readable form. What this means is that (a) RateTea administrators cannot see or easily retrieve your password, even with full access to our database, and (b) if our site were to be hacked or compromised, the hackers could not see or easily retrieve your password.
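
As an added illustration (not RateTea's own code), this Python example shows salted one-way password storage of the kind described above, and what someone with full database access would actually see. The choice of PBKDF2-HMAC-SHA256, the iteration count, the record format and the sample accounts are all assumptions, since this post does not say which hashing scheme the site uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example
SALT_BYTES = 16       # random per-password salt


def hash_password(password: str) -> str:
    """Build the only value the database stores for a password."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the digest from a login attempt and compare it to the record."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False  # malformed or truncated record: reject the login
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    password = "oolong-example-1"
    table = {"alice@example.com": hash_password(password),
             "bob@example.com": hash_password(password)}
    for email, record in table.items():
        print(email, record)  # what someone with full database access sees
    print(verify_password(password, table["alice@example.com"]))
    print(verify_password("wrong-guess", table["alice@example.com"]))
```

Because each record carries its own random salt, the two accounts above store different values even though the passwords match, so a copy of the table does not reveal which users share a password.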

What does the new security mean for you?

You don't need to do anything differently to benefit from the new encryption that we have implemented. Now, your email and password will be encrypted when you log on. Keep in mind, even with this security, RateTea is a public site and any other info you enter into the site can be displayed to the general public. Read our privacy policy for more details.

If you use the same password at RateTea and other sites, and are concerned about the possibility that someone has intercepted your password in the past, we recommend changing your password (by logging in and using the Profile link in the top right, then the Change Password link on the profile page), not just here but on other sites where you have used this same password.

Keep in mind that security is only as strong as the weakest link in a chain. If you use the same password at different sites, there are still other ways that your information can be stolen beyond eavesdropping, such as if a server is hacked, especially if the server actually stores passwords in plain text. There have been a number of high-profile cases of companies doing this, and you don't have a way of knowing this ahead of time, so it is best practice to use a different password at each site!