Is The Assetz Capital Login Secure?
The Assetz Capital* login page is one of the key focal points for security risks on its website. We have assessed this page – as well as the entire website – for its cybersecurity.
Most websites now earn the “secure” symbol next to the website address in your browser window, but this is far cry from being definitive. Let's see how safe and secure the Assetz Capital login and website is.
Assetz Capital's cybersecurity ratings
The website's three servers that point at the sign-in page and the registered investor area of Assetz Capital's website are A-rated by SSL Labs. The two servers pointing at the public part of the website have the grade of A+.
The difference between A+ and A is that the A+ servers don't allow browsers to downgrade the website to a less secure http version from the better https version. Even so, users of Assetz Capital's registered investor area will not be able to sign in on http only, once they try to complete the sign-in form. And Assetz Capital automatically directs users to a secure version of its site. So the difference is not noticeable.
The security certificate validates the authenticity of Assetz Capital's website and is a tool for encrypting information going from Assetz to your browser and back again. For example, when you supply personal data.
Assetz Capital's website security certificate is valid. It is certified by an established, globally recognised certificate authority. Its security key is strong.
Malware, security bugs and vulnerabilities
Malware is a malicious program that tries to break websites or get inside them.
The Assetz Capital* website doesn't appear to have malware or server errors that could be exploited by it. 4thWay's security provider Sucuri marks it as clean in a soft probe. Google Sage Browsing, McAfee, PhishTank, Opera and Yandex also mark it as clean.
The website is not vulnerable to the Heartbleed and Ticketbleed threats, which would allow people to easily steal information.
ROBOT, BEAST and POODLE – which are some severe security weaknesses – can't be exploited on the Assetz Capital website.
Encryption and ciphers
There is no obviously poor encryption and there are no clearly weak ciphers, such as RC4, which would result in a large number of different vulnerabilities.
Qualys reports that Assetz Capital uses TLS 1.3, which is the latest standard in encrypting communications between your browser and Assetz's servers.
To earn an A or A+ security rating, instead of a B grade, Assetz Capital has to be using a cipher suite – programming rules to secure the server – that have no known possible weaknesses. This includes such things as forward secrecy, which prevents a hacker getting hold of historical exchanges if it manages to get hold of a private security key.
The website is not blacklisted by any anti-spam groups, such as McAfee or Norton Safe Web.
Firewalls, monitoring and independent checks
Amazon uses Amazon Web Services security measures, including the AWS firewall. A firewall is an important defence against hackers.
Assetz Capital* has internal monitoring of its website and other systems, and it uses Mimecast to monitor for external threats.
Furthermore, an independent auditor reviews Assetz Capital's infrastructure security every year.
As far as can be ascertained, Assetz Capital's website technology is up-to-date.
Is your Assetz Capital login safe?
Assetz Capital's website performs very well compared to other P2P lending companies and, indeed, to most websites that process personal information, financial information or financial transactions.
What you must do for your security?
You should absolutely set up two-factor authentication, which is when you confirm your identity through your phone as well as through a password.
The length of your password is the most important aspect by far. The person who initially came up with the idea of shorter passwords with numbers, lower case, capitals and special characters recently admitted it was a waste of time and not secure.
A 16-character password, even one simply made up of a few memorable words strung together, like “donthackmeplease”, is extremely high security, while eight is definitely too short – regardless of what it is.
Independent opinion: 4thWay will help you to identify your options and narrow down your choices. We suggest what you could do, but we won't tell you what to do or where to lend; the decision is yours. We are responsible for the accuracy and quality of the information we provide, but not for any decision you make based on it. The material is for general information and education purposes only.
We are not financial advisors, which means that we don't offer advice or recommendations based on your circumstances and goals.
The opinions expressed are those of the author(s) and not held by 4thWay. 4thWay is not regulated by the ESMA or the FCA. All the specialists and researchers who conduct research and write articles for 4thWay are subject to 4thWay's Editorial Code of Practice. For more, please see 4thWay's terms and conditions.
*Commission and impartial research: our service is free to you. 4thWay shows dozens of P2P lending accounts in our accurate comparison tables and we add new ones as they make it through our listing process. We receive compensation from Assetz Capital and other P2P lending companies not mentioned above when you click through from our website and open accounts with them. We vigorously ensure that this doesn't affect our editorial independence. Read How we earn money fairly with your help.