User Admin
Security Guidance
  1. TLS 1.2
    Transport Layer Security (TLS) is the protocol used on the internet today to encrypt end-to-end connections. We Bond Connect Company Limited (“BCCL”) allows TLS 1.2 on all BCCL service and so as to ensure the safest and most reliable method of delivering services.
    If you are using an outdated web browser or your browser is not configured to use TLS 1.2, BCCL recommends you to upgrade your browser to Internet Explorer 11 or change the settings of your web browser to enable TLS 1.2.
  2. Secure the access to applications
    The main method to protect an account is to use a combination of user-id and password. A complex password will maximize the protection.
    BCCL recommends that at least these criteria are met:
    • At least 8 characters long
    • Combines digits, special characters, uppercase and lowercase letters
    • Only used for accessing
    • Not trivial (e.g. dictionary words)
    You should also change your password regularly. Your administrator will likely require this.
    You should also keep your password only to yourself, best to keep it in your memory but not on any written record.
  3. Visit only trusted websites
    1. Prior to entering any personal data such as your e-mail address and password, check the URL of the web page.
      Your e-mail address and password are requested by BCCL through a secure connection. The URLs used by BCCL starts with "" or "".
    2. Verify the certificate on HTTPS websites
      This could be achieved by clicking on the lock symbol either at the top or the bottom of the browser window.
  4. Use a recent browser
    In order to avoid common attacks and keep your account safe, it is advisable to use a recent browser. BCCL strongly encourages you to update it regularly. If you use a recent browser, your vendor should provide you with access to the latest security standards, and this is recommended. You should also update all the plugins (e.g. Java, Flash) that are integrated within the browser.
  5. Phishing & social engineering
    Phishing is a malicious attempt to get hold of your data, the purposes of which are to abuse or enable unauthorized use of your personal details, such as user-id and password. It is the most common way to do social engineering. In reality, it often involves asking you to click on a link to a malicious website that looks like the site of a trusted institution. People pretending to be a trusted party via phone or chat, for example, a phony helpdesk, are also engaging in phishing. Mail sender and embedded links can easily be hoaxed. You are advised to exercise caution.
    Changing your credentials by email is not recommended, except that it is you requesting to do this.