Security Policy

Yes, we take extensive measures to ensure that storing grades on Engrade is vastly more secure than storing them on any school machine. Engrade has operated since 2003 and has never had a security breach. These are the security steps we take to ensure your data is safe:

1. Engrade's web servers run a LAMPS-only (Linux, Apache, MySQL, PHP, and SSH only) configuration. Our servers do not run any other daemons such as Sendmail or FTP. None of our servers operate on Windows.

2. All data on Engrade is copied daily to a backup server which runs SSH only.

3. All of our servers are stored in a multi-zoned, card-based-access server center.

4. All data is copied weekly to a local external hard drive which is kept in a locked safe at all times except during backups.

5. Absolutely no user data is stored on any employee laptops or desktops. In the event of a theft, no user data will be compromised.

5. All scripts are rigorously tested for security holes.

6. Our login system prevents brute force attacks by automatically blocking any IP address that attempts too many failed logins in a given period of time. An attacker can only average a maximum of one attempt per minute, which makes it computationally infeasible to randomly guess a reasonably complex password.

7. User sessions are assigned a 384-bit string which makes randomly guessing a user session computationally infeasible.

8. Engrade automatically closes any user session that has been idle for more than 60 minutes.

9. Engrade assigns each Access Code that a student has entered a 128-bit token, which makes viewing a non-entered Access Code computationally infeasible. Students can enter an average of only one Access Code every 4.8 minutes, making it computationally impractical to guess a reasonably complex Access Code number. As a further precaution, all information in the student section is anonymous.

10. We prevent spam by only allowing confirmed connected users (i.e. student-teacher and teacher-school) to message each other. Each such relationship is assigned a 128-bit token, making it computationally infeasible for an attacker to message a user they are not connected to.

11. https://www.engrade.com is encrypted using a 256-bit HTTPS/SSL key that makes it computationally infeasible for a third party to view web traffic coming to our servers. Because some schools block access to sites using HTTPS, we do allow users to log in using unencrypted HTTP, but we HIGHLY recommend against it.

12. Engrade has done the utmost to ensure that our system is secure, but the final level of security relies on the user. All users must choose reasonably complex passwords. Names, phone numbers, and dictionary words are weak passwords that can easily be guessed; arbitrary mixes of lower case letters, upper case letters, and numbers are much stronger. All teachers must choose reasonably complex Access Codes. Sequential codes such as 1, 2, and 3 are weak and can easily be guessed; arbitrary 6-digit numbers are much stronger. Users must always log out of their account when they are done. Users must never log into a website using their Engrade login information unless the address of the website begins with http(s)://www.engrade.com/.
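The failed-login blocking and 384-bit session strings described in the list above, sketched as an added example; this is not Engrade's code. The window and threshold are assumptions (the page states only the resulting average of one attempt per minute), and all class and function names are hypothetical.

```python
import secrets
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # assumed window; the page does not state one
MAX_FAILURES = 5       # assumed threshold: 5 per 300 s = 1 per minute on average


class LoginThrottle:
    """Sliding-window limiter on failed logins, keyed by client IP."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(deque)  # ip -> timestamps of failed logins

    def _prune(self, ip, now):
        # Drop failures that have aged out of the window.
        q = self._failures[ip]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def is_blocked(self, ip, now):
        """True while the IP has used up its failures for the current window."""
        return len(self._prune(ip, now)) >= self.max_failures

    def attempt(self, ip, password_ok, now):
        """Return 'blocked', 'ok' or 'failed'. A blocked attempt never reaches
        the password check, so it reveals nothing about the password."""
        if self.is_blocked(ip, now):
            return "blocked"
        if password_ok:
            return "ok"
        self._failures[ip].append(now)
        return "failed"


def new_session_token():
    """384-bit session identifier from the OS CSPRNG, as 96 hex characters."""
    return secrets.token_hex(48)  # 48 bytes * 8 = 384 bits


def guesses_in(throttle, ip, seconds):
    """Simulate one wrong guess per second; count guesses actually checked."""
    return sum(throttle.attempt(ip, False, t) == "failed" for t in range(seconds))
```

Because the limiter is keyed by IP address only, it bounds the guess rate per source address, not per account.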





© 2003-2008 Engrade