Security

How secure is my information?

Texas Mutual Insurance Co. takes special care in maintaining the privacy and security of your information. For example, Texas Mutual® online services requires you to enter a valid email address and password before permitting you to see any policy related information. This site also encrypts all the information that the server and your browser exchange. If you are inactive for an extended period of time, the site will log you off and you will need to reenter your email address and password.

Why are cookies important?

This site uses a common technique, HTTP-header cookies, to identify one page request from another. The cookies this site creates do not contain any personal information. They merely allow the site to recognize a page request comes from someone who has already logged on. The information is stored temporarily in memory and is available only during the course of a session. The information is removed once you log out and close down your browser. Some browsers can be configured to warn the user whenever a site sends it a cookie. If your browser provides an alert asking you to accept or reject the use of cookies, you should accept. The site will not work without them.

What is encryption?

Encryption is a mathematical process that transforms a message in order to conceal its meaning. Encryption is used to protect messages from eavesdropping, tampering, or message forgery over the Internet.

How is encryption used by this site?

Texas Mutual® online services encrypts the transmission of all policy related information that is transmitted between our server and your browser. The security standard SSL, Secure Sockets Layer, is used to implement this. SSL is the leading standard for securing World Wide Web transmissions. It is also supported by the leading browsers, Netscape Navigator (versions 1.1 and above) and Microsoft Internet Explorer (versions 2.0 and above).

How can I tell that SSL is in effect?

The URL of a secure document begins with HTTPS://. The additional "S" on the end of the familiar HTTP indicates a secure channel to the server. Also, in Netscape Navigator 4.0+ and Microsoft Internet Explorer 4.0+, the security icon is a padlock. The hasp of the padlock will be closed once a secure channel is established.

How secure is SSL?

SSL uses public-key encryption. This technology can use keys of various sizes. The larger the key length, the greater the number of possible keys, the more difficult the decryption challenge, and the more secure the message. Browsers generally have one of two key sizes: 40-bit or 128-bit. Messages encrypted with a 40-bit key could possibly be decoded in less time than those encrypted with a 128-bit key. Messages encrypted with a 128-bit key are 3 x 10²⁶ (3 followed by 26 zeros) times harder to break.

This site provides the maximum level of encryption, 128-bit.  Browsers with 128-bit encryption are available for downloading from either Netscape or Microsoft at no cost except telephone time. However, by United States law, these browsers are available to U.S. and Canadian citizens or permanent residents only.

Why do I need to use a particular browser?

In order to maximize the privacy of your information as well as to provide a consistent visual presentation, a W3C standards compliant browser is required. For example, the browser must support JavaScript, Cookies, and Secure Sockets Layer (SSL). For enhanced security, we require a browser version that uses 128-bit SSL encryption. Furthermore, those browsers have been used to extensively test this site to ensure that the pages display and behave in a predictable manner.

The browser requirement for this site is Microsoft Internet Explorer 6 and above. Other browsers may work if they fully support the W3C standards; however, this site has not been tested or certified for other browsers.

Note: If you are an AOL®, CompuServe®, or Prodigy® user, you may also need to use one of the minimum required browsers and may need to download one.

What are my responsibilities?

Customers have their own set of responsibilities in providing security for their policy related information. Passwords must be kept secret. Your password will not appear on the screen as you type it in, but you should make sure that no one is physically watching as you enter your password.

If your PC is left unattended with the browser running and a valid email address and password cached, anyone may gain access to the policy related information. You should also take precautions to keep computers clean and free from viruses that could be used to capture your password keystrokes.