Security Update - June 2020

Update to user password standards

Security is a top priority for us here at LOKE. We constantly monitor our product for new security requirements. It is standard procedure for us to update our security measures and these changes are nothing to be concerned about. 

You may have seen the following messages in one of our apps:

Current users - "Password update required, please click here to update"
New users - "Password not accepted, please choose another"

Or you may have reports of customers being logged out of their app and asked to create a new password.

LOKE has not had a security breach, but we have identified attempts to access some apps using passwords that have been compromised elsewhere using a technique called credential stuffing.

Basically, it means that the password entered has been seen in a previous breach (an incident where data has been unintentionally exposed to the public) on another platform. Note that it may have been seen on a different user if the password is likely common such as password123.

To protect our users from credential stuffing attacks we do not allow compromised passwords to be used, so we ask that you enter a new password.

If your account is receiving this message and you use the same password in other locations we strongly suggest you update the password in all locations.

What else can I do?

The best way to protect yourself from these breaches on any platform is to use a strong, unique password every time you create a new account.

You can look up your email address via the service we use HIBP https://haveibeenpwned.com/ to see where it was previously compromised.

For more information about compromised lists please visit https://haveibeenpwned.com/FAQs

Other recent updates to our security:

• IP Localisation Lookup - to limit access from higher risk locations
• HIBP API - To ensure the credentials entered haven’t been previously compromised

Please contact support if you have any questions or require further information - support@loke.global