Some security tweaks
28 May 2019
Normally here on the blog it’s my pleasure to announce new features - some recent examples are our new UN M49 annotation and the “roadinfo” parameter - but today I thought I’d highlight some of the ongoing, behind-the-scenes work we do on security.
One of the problems with the topic of security is that it tends to get mentioned only when there is a problem, so let me start by clarifying that this post is not driven by any security problem or breach. Security and the related topics of privacy and data protection are things we take into account at the start of every project and every time we revisit the todo list.
While things like known software exploits get dealt with ASAP, there are other security projects that are simply best practice and help nudge our users in the direction of protecting their data. The first project I want to feature falls into that category. We recently rolled out a change to our signup flow so that new users get a visual indicator of their password strength (see screenshot).
Hopefully this tweak will help remind users to create a secure password. Pro tip - if you aren’t yet, you should probably be using a password manager. We use and can recommend 1Password, but there are others that are also good.
The second security tweak we recently made was to make it easier for anyone who happens to discover a security issue to report it. We now have a security.txt file which outlines how to report issues you might come across and has a key for encrypting your message to us if you don’t feel comfortable sending it in plain text. You can learn more about the proposed security.txt standard, which we’re happy to adopt and publicize. It makes sense to have a consistent place for digital service operators to publish this type of information, thus making it easier for issues to be reported.
We hope you enjoyed this little peek behind the curtain at some of the many small things that go into operating a secure service. Security isn’t always the most glamorous topic, but it’s important we get the discussion going before an urgent incident.
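As an added illustration (not our production code and not our actual file), here is a small Python check of the two things described above: that a security.txt says where to send a report and where to find an encryption key. The `Contact` and `Encryption` field names come from the security.txt specification; the sample file, the example.com addresses and the function names are constructed for this example, and the file is assumed to be unsigned.

```python
import re

# Constructed sample, not a real published security.txt.
SAMPLE = """\
# Constructed example security.txt
Contact: mailto:security@example.com
Contact: https://example.com/report
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, de
"""

FIELD_RE = re.compile(r"^([A-Za-z-]+):\s*(\S.*)$")

def parse_security_txt(text):
    """Return {lowercased field name: [values]}, skipping comments and blanks."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FIELD_RE.match(line)
        if m is None:
            # "_malformed" cannot collide with a field name (no underscore allowed).
            fields.setdefault("_malformed", []).append(line)
            continue
        fields.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return fields

def review(fields):
    """List the problems a reporter or operator would care about."""
    problems = []
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("no Contact field: nowhere to send a report")
    for uri in contacts:
        if uri.startswith("http://"):
            problems.append(f"Contact page served over plain HTTP: {uri}")
    keys = fields.get("encryption", [])
    if not keys:
        problems.append("no Encryption field: reports can only go in plain text")
    for uri in keys:
        if uri.startswith("http://"):
            problems.append(f"key fetched over plain HTTP can be swapped in transit: {uri}")
    for line in fields.get("_malformed", []):
        problems.append(f"unparseable line: {line}")
    return problems

if __name__ == "__main__":
    print(review(parse_security_txt(SAMPLE)) or "no problems found")
```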
On that note, let me close by asking what other security improvements you’d like to see from us. Please let us know.
Happy geocoding, and stay safe!