All users have to enter a password to access their part of the system. Passwords are encrypted on the database. If a user forgets a password, the system prompts creation of a new one. Hacking in by guessing the password through multiple attempts is prevented because the system locks people out after several failed attempts to log in. When an authorized user is logged in, cookies are used to track that user's approved level of access. 'Roles' are determined from three pieces of information: the user identity, the manuscript identity, and the type of user (author/reviewer, editor, staff). This allows the system to have a fine-grained security approach. For example, an author on one manuscript may be a reviewer on another manuscript. The system will provide author-level access for the authored manuscript and reviewer-level access for the reviewed manuscript.
The data on the system is backed up daily, and mirror copies are kept in two different locations to allow for disaster recovery.