At Simkl, we recognize that security is important to our users and partners. This blog post explains some of the steps we take to protect your security along with tips on things you can do to have a more secure Simkl experience.

Using Passwords on the Simkl website.
When you first load the Simkl homepage the content is unencrypted, but when you click the “Enter” button on Login page our JavaScript code will encrypt your login credentials (including Login and Password) and then send the encrypted version to Simkl using 1024-bit RSA keys such that only Simkl can decrypt them.

How does Simkl store user passwords?
Simkl never stores your IM passwords on its servers. To make Simkl more secure we do not store your Simkl password for your Simkl login in raw text on our servers. We use proprietary encryption technology to encrypt your password before creating your Simkl passport in such a way that your Password is saved on Simkl servers as gibberish, random text. There is no way to decrypt your password by looking at it on Simkl servers. This means that Simkl staff or anyone else will never know your real password except you.

Is there an https version of Simkl?
No. While Simkl does not provide https version of its sites, Simkl provides secure 1024-bit RSA based logins. There are a lot of drawbacks to using https. Https is not as secure as you might think, there is still a risk that a malicious person could intercept your credentials through a so-called “man in the middle” attack – see related NYTimes article. Looking at chat history using Https might feel a lot slower than current non-https version of Simkl. A rough estimate is that it takes 2-5 seconds longer to load the history.im homepage and login when using https. The impact could be even greater if you’re located outside of the United States. The reason – Simkl uses a highly distributed website using CDN which means that Simkl website is actually located at more than  50 different servers world wide and that makes opening your chat history extremely fast. Using https requires Simkl to serve our website, chat history and images from a single server sometimes far away from your home country which makes everything much slower. We are constantly looking into new security methods and website optimization techniques to make Simkl more secure and faster and perhaps we will add some sort of Https/SSL option in the future.