Account Management

To manage your account, navigate to your Account Settings page by clicking the Pagedip icon in the top left corner and then clicking the Account link. From this screen, you can change account details for your personal account, as well as for any organizational accounts you own.

Navigate to the Account Settings Page


Account Details

Your Account Details are used to identify you in Pagedip. Please note that it's not possible to change your username. However, the Name and Email fields can be edited and updated to your liking.


Password Reset

There are two ways to change/reset your password:

  • Select the Password tab on the left bar, type your new password into the Password Reset fields, and click the Change Password button.

  • If you don't know your current password, you can use the Forgot Password link on the sign-in page. This will take you through the necessary steps to recover your password.

Add, Delete or Edit a Custom Domain

Adding a Custom Domain to your account will allow you to access your Pagedips on your own company's domain, instead of the Pagedip website. To add your domain, you'll need to first add it in your Account and then point your DNS to Pagedip. If you need further assistance, please contact your Account's administrator.

My Organization

If you're a part of an Organizational Pagedip account, you'll see it listed under this section. You can hover over each one to see the Handle of the account and click on the bubble to edit the Organization's Account Settings. Like your personal Account Details, your Organization Details are used to identify your organization in Pagedip.

Account Safety

Pagedip has designed a structure to holistically protect data. This section will detail our architectural approach as well as the steps you can take to ensure the safety of your data.

Users, Organizations, and Accounts

Pagedip access is granted based on three levels (users, organizations, and accounts):

  • A user represents a personal account, usually for a single person.

  • An organization is a shared account that is accessible by many users.

  • An account is the general name for a user or an organization, identified by a unique string (i.e. username) that becomes part of their specific URL.

While organizations are accounts in the same way a user is an account, they cannot be accessed directly. This means that you cannot sign into Pagedip with the username of an organization. Instead, organizations allow their members (other users) to create documents and make changes on behalf of the organization. There are two levels of membership within an organization:

  • A member can create, delete, and edit Pagedips under the organization.

  • An owner can change members and owners within the organization.

Pagedip Access Control

Each individual Pagedip is secured with an advanced access control mechanism that determines which accounts have access to Pagedip data. This operation has been embedded at the lowest level, the database itself, for optimal data safety.

Data access is separated by direction:

  • Reads are all or nothing. Either a user or organization has access to everything in the Pagedip, or none of it. Read access is required to view live Pagedips.

  • Writes are controlled by the account access level. Write access is required to edit Pagedips within the Pagedip Writeroom.

There are three access levels available within Pagedip. These determine the level of control an account has in a Pagedip.

  • Read Only can only view a Pagedip and cannot make any edits.

  • Editor can create and edit the content of a Pagedip.

  • Admin can share a Pagedip with others and delete/transfer the Pagedip.

Pagedips can be marked with a visibility level. This controls whether or not you need to be signed into Pagedip to read it.

  • Public Pagedips can be viewed by anyone with the direct URL.

  • Private Pagedips can only be viewed by users with an access level. This means that private Pagedips must be shared with a user in order for them to read specific content.
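How visibility and access levels combine into a single decision, as an added example that is not Pagedip's own code. It assumes the levels are cumulative (Admin includes Editor, Editor includes Read Only) and that a grant to an organization applies to its members; the level names, action names and sample accounts are this example's own.

```python
from dataclasses import dataclass, field

# Level and action names below are this example's own labels for the
# levels described on the page (Read Only < Editor < Admin, assumed cumulative).
LEVELS = {"read_only": 1, "editor": 2, "admin": 3}
REQUIRED = {"read": 1, "edit": 2, "share": 3, "delete": 3, "transfer": 3}


@dataclass
class Pagedip:
    visibility: str                              # "public" or "private"
    grants: dict = field(default_factory=dict)   # account name -> level name


def effective_level(pagedip, user, orgs_of_user):
    """Highest level held directly or through an organization the user belongs to.

    Assumption: a grant to an organization applies to its members.
    """
    accounts = {user, *orgs_of_user.get(user, ())}
    held = [LEVELS.get(pagedip.grants.get(a), 0) for a in accounts]
    return max(held, default=0)


def is_allowed(pagedip, action, user=None, orgs_of_user=None):
    """Decide one request; unknown actions and unknown levels fail closed."""
    needed = REQUIRED.get(action)
    if needed is None:
        return False
    # Visibility only affects reads: a public Pagedip is readable by anyone
    # with the URL, signed in or not, but is never writable on that basis.
    if action == "read" and pagedip.visibility == "public":
        return True
    if user is None:
        return False
    return effective_level(pagedip, user, orgs_of_user or {}) >= needed


# Constructed sample data: account names are placeholders.
ORGS = {"alice": ["acme"], "bob": []}
PRIVATE_DOC = Pagedip("private", {"acme": "editor", "bob": "read_only"})
PUBLIC_DOC = Pagedip("public", {"bob": "admin"})
```
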

Authentication

The Pagedip enterprise solution takes password security very seriously.

  • Passwords are hashed thousands of times using SHA512 and a long salt.

  • Pagedip has deep support for SSL connections, which will ensure that passwords are never sent in plain text over the network.

  • Passwords are sent to the server once to obtain an access token and the token is used for subsequent requests.

  • Plain text passwords are never stored anywhere, neither on Pagedip's servers nor in a client's browser.

  • OAuth2 support allows for the Pagedip service to securely identify users cross-domain without leaking any user access details.

Other Pagedip authentication features are on our roadmap and will be added in future development sprints.

  • Two-factor authentication (2FA)

  • Single sign-on (SSO) with LDAP/Active Directory for integration with existing enterprise authentication systems.

  • Password-protected Pagedips utilizing true end-to-end encryption.

Browser Security

Since Pagedip is primarily accessed through modern web browsers, we have ensured that Pagedip is protected from the majority of browser-based attacks, including XSS and CSRF. Here are some of the measures that Pagedip employs:

  • JavaScript trust model, separating system scripts from user scripts.

  • Sandboxed iframes

  • API server has a zero-cookie policy

  • HTTP security headers, including: CORS, X-Frame-Options, and Content-Security-Policy

Additionally, Pagedip gives each user in the system a unique domain name. This sandboxes the user through the browser's cross-domain policy, making it extremely difficult to obtain information on other users and Pagedips in the system.

Keeping Your Instance and Account Safe

While Pagedip is designed to keep your data secure, there are some additional steps you should take to ensure your data stays protected.

  • Use a long password for your account, bonus points if it is randomly generated. The most common way an attacker gains access to data is directly through the front door. Having a long password ensures your account cannot be easily breached.

  • Secure your instance with your own SSL certificate signed by a certificate authority (CA) you trust. Better yet, ensure the HSTS header is enabled to force all users through SSL. In a high availability scenario, Pagedip servers should communicate with each other using certificates signed with a common CA as well.

  • Pagedip keeps a detailed security log of all sign-ins and password reset requests. Review this data on a regular basis.

  • Use a firewall and, optionally, a reverse proxy when setting up your instance. Pagedip servers are only accessible through ports 80 and 443. Your firewall should block connections to all other ports. A reverse proxy can be useful in protecting your instance from network level attacks.
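A defender-side check for the headers listed under Browser Security and for the HSTS recommendation above, as an added example that is not Pagedip's code: it audits a raw response header block for HSTS, Content-Security-Policy, framing protection, a cookie-free API response and an unsafe CORS combination. The sample responses are constructed, and the `is_api` flag is a hypothetical way to mark responses from the API server.

```python
import re


def parse_headers(raw):
    """Parse a raw response header block into {lowercase name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # [1:] skips the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw, is_api=False):
    """Return a list of findings for one response; an empty list is a pass."""
    h = parse_headers(raw)
    findings = []
    hsts = " ".join(h.get("strict-transport-security", []))
    match = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.IGNORECASE)
    if not match or int(match.group(1)) == 0:
        findings.append("HSTS missing or disabled (max-age=0)")
    csp = ";".join(h.get("content-security-policy", [])).lower()
    if not csp:
        findings.append("Content-Security-Policy missing")
    xfo = {v.upper() for v in h.get("x-frame-options", [])}
    if not xfo & {"DENY", "SAMEORIGIN"} and "frame-ancestors" not in csp:
        findings.append("no framing protection")
    if is_api and "set-cookie" in h:
        findings.append("API response sets a cookie")
    origins = h.get("access-control-allow-origin", [])
    creds = [v.lower() for v in h.get("access-control-allow-credentials", [])]
    if "*" in origins and "true" in creds:
        findings.append("CORS wildcard origin with credentials")
    return findings


# Constructed sample responses, not captured from a real Pagedip instance.
GOOD_PAGE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self'
"""
BAD_API = """HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Set-Cookie: sid=constructed-value; Path=/
"""
```
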