Is The RateSetter Login Page Secure?
The RateSetter login page, and RateSetter* generally, is bound to be an interesting but tough challenge for hackers. As with other peer-to-peer lending and IFISA providers, RateSetter takes and stores your personal details, such as your date of birth, your address and sometimes even your National Insurance number. And it stores financial details, such as your bank account number. On top of that, it automatically processes transactions with your money. So how secure is the RateSetter login and other aspects of its website?
Standard tests of RateSetter's cybersecurity
The website has an A rating from Qualys‘ SSL Labs for its server strength and Sucuri* rates it as low risk for malware. Malware is kind of like a virus that would attempt to disrupt or gain unauthorised access to the RateSetter website.
RateSetter's websitecertificate is valid, trusted and the key is not weak. The key is expected to verify that information has not been tampered with.
The website is not vulnerable to the Heartbleed and Ticketbleed threats, which would be an immediate fail for any peer-to-peer lending or IFISA website, allowing hackers to steal information.
ROBOT, a once deadvulnerability that has risen again, is also not present. The old BEAST and its somewhat newer cousin, POODLE, are also potential exploits that are missing.
There is no obviously poor encryption or weak cyphers, such as the maligned RC4, which would result in a large number of different vulnerabilities.
A lot of threats such as these, blessedly not showing up here, could have handed hackers access to your RateSetter login, or personal or financial details.
Another test also detected no malware and no signs of website defacement – which is basically juveniles spraying graffiti on a website. No “injected spam” – links added by hackers to websites – seem to be showing up either.
The website is not blacklisted by any anti-spam groups, such as Google Safe Browsing or Sucuri Malware Labs.
RateSetter has a firewall in place. Firewalls help to prevent unauthorised access to the website and the information stored behind it.
Finally, RateSetter also logs you out automatically after 15 minutes of inactivity.
What's the bottom line for these tests?
None of the above tests prove that the RateSetter website is safe; they just prove that there are no obvious clues that it is unsafe.
Any failure in the above would indicate cluelessness, or a serious lack of safety or respect for cyberfrom the peer-to-peer lending website. Therefore, we would expect P2P lending sites to pass these tests as a matter of course.
Is your RateSetter login safe?
It is likely that the most likely way that you will suffer from hackers is if you do not look after your own RateSetter login and password yourself. Keep it safe!
RateSetter offers optional two-fator authorisation and I strongly recommend you switch it on. Since you need both a password and a code sent to your mobile phone, it makes it incredibly difficult for hackers to get into your account through any mistake that you might make.
A 16-character password, even one simply made up of a few memorable words strung together, is very high. The length is the most important aspect, rather than having numbers or special characters. An eight-character password can be cracked reasonably quickly now even by an ordinary computer, whereas a 16-character one is still deeply indestructible.
*Commission and impartial research: our service is free to you. We already show dozens of P2P lending companies in our accurate comparison tables and we keep adding more as soon as they provide us with enough details. We receive compensation from RateSetter and other P2P lending companies not mentioned above when you click through from our website and open accounts with them. We vigorously ensure that this doesn't affect our editorial independence. Read How we earn money fairly with your help.
We also receive commission from Sucuri if a business clicks through and buys its cybersecurity services.