Once you have custom-branded your SmartVault portal, if your company already has a public web site, you can create a link on your public web site to your secure, custom-branded, https:// SmartVault sign in page.

When you create a link, ensure that you create the link using text or a button that takes your users directly to your secure https:// SmartVault sign in page. Once your users arrive at the secure https:// SmartVault sign in page, they can securely type in their SmartVault user ID and password and then sign in to your custom-branded SmartVault portal.

Do not allow users to enter their SmartVault user ID and password in a login box created with an iFrame on an http:// page on your public web site.

iFrames are a browser feature that allows web sites to deliver content from a remote web site within a frame on a page. For example, you may be seeing iFrame when you see a small box on a web site that displays stock quotes originating from a different web site.

In the past, some SmartVault customers have used iFrames on their public web sites to create a box on one of their http:// web site pages that points to the SmartVault sign in page. Visitors to their web site can enter their SmartVault user ID and password in the iFrame on an unsecure http:// page on the customer's web site to sign in and use SmartVault.

Some customers liked this approach, because they wanted to promote their company brand to their users and they also believed that it provided a more seamless experience for their customers.

However, SmartVault recommends that you do not use an iFrame on an http:// page on your public web site to display the SmartVault sign in page and allow your customers to enter their credentials through an iFrame. Http:// pages are unsecure pages, and the iFrame you place on your public web site could be compromised by a hacker. For example, the hacker could change the code in the iFrame on your unsecure http:// web page to point to a fake web page created by a hacker. Then, when your customers or employees try to log in using your compromised iFrame, the hacker can steal the email address and password they use for their SmartVault ID. Hackers know that many people often reuse email addresses and passwords across many web sites, so once hackers have stolen email addresses and passwords by compromising your iFrame on an http:// page on your public web site, they then go try and use these stolen credentials to try and gain unauthorized access to areas such as online bank accounts using the stolen credentials.

Instead of using iFrames, SmartVault recommends that you provide a link or button on your public http:// web site to your secure, custom-branded https:// SmartVault sign in page. When users click the link or button, they are immediately taken to your secure, custom-branded https:// SmartVault sign in page, and they enter their credentials only when they are on your secure, custom-branded https:// SmartVault sign in page.

When a web address, such as the SmartVault sign in page, begins with https://, your computer is talking to the web site in a secure code that no one can eavesdrop on. When you sign in to a secure https:// web page, such as the SmartVault sign in page, the text you type into fields on the web page is encrypted, so your personal details, such as your SmartVault user ID and password, can't be stolen and used by hackers. In addition, a web site that supports https:// will have a web site Secure Sockets Layer (SSL) Security Certificate. These certificates are only issued by certain companies such as VeriSign and Thwate. Companies that issue security certificates for https:// always check that the company is applying for the certificate is genuine. This helps you by giving you reassurance that a web site you're going to sign in to and give personal details is genuine.

Most web sites support https:// if you are going to be typing personal information in to them. For example, banks, ecommerce sites such as Amazon, eBay, and PayPal, and web-based mail provides such as Hotmail, Yahoo mail, and Google’s gmail all use https://. You should always make sure that the web site uses https:// if you are using an online bank, shopping site, or any other site, such as a site that stores important business or personal information, where you don't want your personal details to get stolen.

If a web address begins with http://, it is not as secure as an https:// web site. Most public web sites use the http:// protocol. Http:// is a type of language, or a way for information to be passed back and forth between web servers and clients. When you see http:// at the beginning of a web address, this means that the web site is talking to your browser using regular, "'unsecure" language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the web site. For example, if you fill out a form or enter data into fields on a web page that uses http://, someone might be able to see the information you enter.

For these reasons, SmartVault recommends that you create a link to your custom-branded SmartVault sign in page using on your http:// web site to the secure https:// SmartVault sign in page. Once your customers arrive on your secure, custom-branded SmartVault https:// sign in page, they can enter their user ID and password. You should not allow your customers to enter their user ID and password in an iFrame on an unsecure http:// page on your web site.