
SSL
Several areas of the site use SSL (Secure Sockets Layer) with a security certificate implementing AES 256-bit encryption, so your data is encrypted before it is submitted and your privacy is protected. These pages automatically switch to an address starting with https. You can view information about our SSL certificate by locating the green SSL icon, usually shown as a lock or a key in the bottom right corner of your browser window.
Login
Our site requires users to create an account and log in to access several areas, including your account information, web store, online giving, and event registration. The login process uses the Secure Remote Password protocol (SRP). This differs from traditional login forms, which require you to go to a separate page using SSL. Instead, you are able to log in from virtually any page on the site, making your experience much more enjoyable and seamless while remaining highly secure.
Changing your password
If you ever forget your password, you can request a new one by clicking the "Send my new password" link below the login form. We will send an email to the address you entered containing instructions on how to reset your password and a link to the password reset form. Just like the login and re-authentication processes, your password change takes place using the SRP process, so your new password stays private.
SRP
Secure Remote Password, or SRP, is a zero-knowledge protocol, meaning that your password is never stored on our servers. Instead, a carefully encoded passphrase based on your login information is created using the JavaScript Cryptography Library, part of a password management project known as Clipperz. The passphrase creation takes place on your computer, so we never see your actual password. In addition, every time a user attempts to log in to the site, a unique challenge code is created, ensuring that brute force attacks cannot be used to break into your account.
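The following is an added example, not this site's code and not the Clipperz library: a simplified SRP-6a style exchange showing that only a salt and verifier are stored and that each login attempt produces a fresh challenge. It assumes Node.js, SHA-256, and the built-in 2048-bit `modp14` group; the names `register` and `login` are hypothetical, and both sides are simulated in one process.

```javascript
// Added illustration of an SRP-6a style exchange; not this site's or Clipperz's code.
const nodeCrypto = require('node:crypto');

// Assumption: the 2048-bit MODP group (RFC 3526 group 14) built into Node.js.
const group = nodeCrypto.getDiffieHellman('modp14');
const N = BigInt('0x' + group.getPrime('hex'));
const g = BigInt('0x' + group.getGenerator('hex'));

const toHex = (n) => { const h = n.toString(16); return h.length % 2 ? '0' + h : h; };
// SHA-256 over the parts (BigInt or string), returned as a BigInt.
const H = (...parts) => {
  const h = nodeCrypto.createHash('sha256');
  for (const p of parts) h.update(typeof p === 'bigint' ? Buffer.from(toHex(p), 'hex') : String(p));
  return BigInt('0x' + h.digest('hex'));
};
const modPow = (base, exp, mod) => {
  let r = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = (base * base) % mod) {
    if (exp & 1n) r = (r * base) % mod;
  }
  return r;
};
const randomExponent = () => BigInt('0x' + nodeCrypto.randomBytes(32).toString('hex'));
const k = H(N, g); // multiplier (simplified: g is not padded to the length of N)
const privateKey = (salt, user, password) => H(salt, H(user + ':' + password));

// Runs on the user's computer: only the salt and verifier are sent for storage.
function register(user, password) {
  const salt = randomExponent();
  return { user, salt, verifier: modPow(g, privateKey(salt, user, password), N) };
}

// Simulates both sides of one login attempt against a stored record.
function login(record, password) {
  const a = randomExponent(), A = modPow(g, a, N);        // client ephemeral pair
  const b = randomExponent();                              // server ephemeral secret
  const B = (k * record.verifier + modPow(g, b, N)) % N;   // per-login challenge
  if (A === 0n || B === 0n) throw new Error('invalid public value');
  const u = H(A, B);
  // Client derives the session secret from the password it was given.
  const x = privateKey(record.salt, record.user, password);
  const clientS = modPow((B - (k * modPow(g, x, N)) % N + N) % N, a + u * x, N);
  // Server derives the same secret from the stored verifier alone.
  const serverS = modPow((A * modPow(record.verifier, u, N)) % N, b, N);
  // Matching proofs show the client knew the password without ever sending it.
  return { challenge: B, authenticated: H(A, B, clientS) === H(A, B, serverS) };
}
```

A real deployment runs the two halves of `login` on separate machines and exchanges only `A`, `B`, the salt and the proof hashes.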
Re-authentication
At times, you may be asked to re-enter your login information. We automatically block access to restricted parts of the site after 30 minutes of inactivity. This is just one more way to help keep your data safe and uses the same SRP login procedure outlined above.
Encrypted data storage
To maintain the highest level of security, we store your sensitive information, such as credit card or checking account numbers, as encrypted data. Each user of the site has a custom encryption key to further prevent malicious third parties from gaining access to your data. Additionally, your credit card and/or account numbers are never displayed on screen.