Source

Source guide

Security

Contact Support

Security Measures

These security measures apply to your Source account. Protecting your account is our top priority. This guide explains Source's account security measures, and our recommended security practices.

Data Encryption

Source encrypts two important data pieces: your social security number, and Business EINs. When you provide your Social Security Number or Business EIN, it is encrypted, and the encryption string is stored in or Database. The encryption string cannot be decoded. The encryption occurs after your identity is verified. Niether Source, nor its personnel, will make your Social Security Number or Business EIN visible to you or anyone in your organization.

Password Protection

Your Source passwords are hashed when you create your account. Password hashing is the process of converting your plain-text password into a fixed-length string using a cryptographic algorithm. This hash cannot be reversed to reveal your original password. Hashing ensures that even if our database is compromised, your password remains protected. Each time you log in, the password you enter is hashed and compared to the stored hash for verification. The stored hash cannot be used to log in to your account.

Password Best Practices

It is best practice to use a strong, unique password and a password manager. Most smart devices are equipped with password managers that can generate strong passwords that are often then locked behind biometric login processes. This protects your passwords. Use your smart device's equipped password manager to generate strong passwords and protect your passwords.

Two factor Authentication (2FA)

Most password managers are now equipped with two factor authentication capabilities. For example, iOS Passwords allow you to enable 2FA for many of your accounts. It generates passwords, connects them to your online account URLS, and if enabled, connects them to the built-in code generator. It allows you to autofill all this information for your convenience whenever you try to log in to an account. Enable 2FA using your smart device's built-in password manager, and its capabilities. Source will not send codes to your email or phone number.

Enabling 2FA

To enable 2FA, locate the settings card on your dashboard. It is the last card on the dashboard. It will open the settings window. The password field will be shown at the top. Your password will not be visible and you cannot change your password. The second element in the window is for you to configure your 2FA settings. If your 2FA settings are not configured, a 2FA qr code will always be shown below the 2FA heading. This is the only 2FA mechanism Source will allow. You must open your password manager, or app store downloaded 2FA provider, and scan the qr code. Once scanned, the qr code will be replaced by a toggle button which will show on. It is a read-only field. You will not be able to toggle it off.

Security Alerts

Source will employ security alert mechanisms to enhance account protection. Source will allow you to add three devices to your account. Once added, you will be able to access your Source account from any of the three devices without further hindrances. If you try to access your account from any other device, Source will send alerts to your added devices. You must authorize the log in from one of your registered devices. If you fail to authorize the log in within a reasonable time, Source will lock your account and you must contact us to reopen it. If Source receives conflicting responses from the alerts, Source will lock your account and you must contact us to reopen it. If you lose all your authorized devices, you must meet with us in person to regain access to your account. If you change one or all of your devices, you must contact us to regain access to your account.

Session Management

Source also employs session management mechanisms to enhance account security. Session management will show all your active sessions. These are all instances where you are currently logged in to the Source platform or were logged in to the Source platform. It is your responsibility to review your active and inactive sessions revoke and report any unknown sessions immediately. If you abuse the Session management mechanism, your account will be flagged and full review of your account will be conducted. You may be suspended from the Source platform if you abuse the session management mechanism.

Reporting Suspicious Activity

If you suspect your account has been comprised, email Source Support immediately at sourcesupport@thelearmondcorporation.com. Do not attempt to log in to your account.

Your Responsibilities Per the Terms of Service

You are responsible for all activity under your account.

---

Last updated: October 28, 2025