IMP recognizes the importance of privacy and security regarding the information you send us over the Internet. Site security is one of our highest priorities and we have devoted a great deal of effort to ensure that our online security measures help to safeguard your information. Additionally, we take the privacy of the information you provide us online very seriously. We invite you to read about the steps we have taken to make online transmissions safer and the steps you can take to protect yourself on the internet.

We hope that once you understand the measures we employ to help ensure secure transactions and privacy, and the steps you can take yourself, you'll be as confident about the safety of your online information as we are.

1. Data encryption

   If you are using a security-enabled browser (such as Microsoft Internet Explorer version 2.1 or greater, or Netscape Navigator version 2.0 or greater), the information you send us regarding your purchase is encrypted, making it extremely difficult to read even if it is wrongly intercepted.

   The IMP Ledger utilizes industry-standard Secure Sockets Layer (SSL) technology to allow for the encryption of:potentially sensitive information such as your name and address critically-sensitive information like your national insurance number and passport number.

2. Browser security signals

   An unbroken key or closed padlock icon will appear in the bottom border of most browsers to indicate that SSL (Secure Socket Layer) security is in operation. Clicking on the icon will display the digital certificate associated with the secure connection. The digital certificate is intended to guarantee the identity of the remote computer to which you are sending your details.

3. Strong Passwords

   A strong password is one that is designed to be hard for a person or program to discover. Because the purpose of a password is to ensure that only authorized users can access resources, a password that is easy to guess is a security risk. Essential components of a strong password include sufficient length and a mix of character types.

A good, strong password should meet all three of these criteria:

1. Over eight characters in length. Short passwords are easier to crack than long passwords.
2. Combines letters, numbers, and symbols, but:
   • Not sequential or repeating combinations, such as "12345678," "222222," "abcdefg," or adjacent letters on your keyboard.
   • Not common words with letters replaced by numbers or symbols, such as "M1cr0$0ft" or "P@ssw0rd". Unfortunately, hackers know these tricks, too.
3. Easy for you to remember, but difficult for others to guess, and:
   • Not your login name, your spouse's name, or your birthday.
   • Not words found in the dictionary, in any language. Hackers use sophisticated tools that can rapidly guess passwords that are based on words in the dictionary, in a variety of languages, and using words spelled backwards.
   • Not hard-to-remember. Random combinations of letters, numbers, and symbols that must be written down to be remembered, can be misplaced, or found by others and used.

One way to create a strong and memorable password is to come up with a "passphrase." Here's a way to create a passphrase-based password in four easy steps:

1. Think of a sentence that you can remember, such as "My son Aiden is three years older than my daughter Anna." This will be your passphrase.
2. Take the first letter of each word of the sentence to create a new word. Using the example above, you'd get: "msaityotmda".
3. Then mix it up by using a combination of upper and lowercase letters and numbers. Example: "MsAi3yotmdA"
4. Finally, substitute some special characters that look like letters, to make this password even stronger. These tricks finish the example password to read "M$8ni3y0tmd@".
5. If you're worried about remembering your passphrase, start with a common phrase as your passphrase, such as "You can't teach an old dog new tricks," then inject at least one number or symbol into the password. In this case, "yctaodnt" can become "YctaODnT", or even "U(t@0DnT".

Treat your passwords and passphrases seriously.

• Don't give them out to friends or family members (especially children) who could pass them on to other less trustworthy individuals.
• Don't store written passwords in your desk. If found, such a note, created for your convenience, can provide easy access to your computer for burglars.
• Never provide your password over e-mail even if a trusted company or individual requests it. Internet "phishing" scams might use fraudulent e-mail to entice you into revealing your user names and passwords so criminals can access your accounts, steal your identity, and more.
• Change passwords regularly. Ideally, you should create new, strong passwords for your accounts every few months. This can help keep hackers off balance if they're monitoring a Web site that you visit frequently.
• Do not use the same passwords for multiple accounts. You should create a new, strong password each time you open a new account.
• Don't enable the Save Password Option. If you receive a dialog box asking if you would like the computer to remember the password, choose No. This option lets anyone who uses your computer also use your pre-saved passwords on these accounts.