Daily Archives: October 31, 2024

History of Innovations in HCL Notes & Domino (Lotus Notes) – PART 1: Security


Some people have forgotten just how much Lotus Notes changed the software industry, establishing innovations that were decades ahead of the rest of the world. Those innovations are being “reinvented” today in other software as if they were something new: software developers think they’ve come up with a novel idea that was actually first developed by Ray Ozzie’s team years or decades ago. The new re-creations often lack the refinement of a single seamless environment, as found in the mature, 30+ years time-hardened software that is HCL Notes & Domino. This article is the first of a series that will explore a few of the landmark innovations that set Lotus Notes so far ahead of the competition and, in many ways, continue to do so even today.

  1. Port 1352.
    It’s a very special number among Lotus professionals. This is the port number reserved by the Internet Assigned Numbers Authority (IANA) and dedicated to the HCL Notes protocol; such reserved ports are also referred to as the well-known ports. https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
    While many software applications may unofficially stake a claim on some particular port, Notes/Domino has had official, exclusive assignment of this port since the 1990’s. This makes it exceptionally easy to manage networks and firewalls while retaining security.

  2. Multi-Factor Authentication.
    Since R1.0 of Lotus Notes, it has had multi-factor authentication (MFA). What is all the rage today as an essential component of protecting your authentication and preventing unauthorized access, Notes has had from Day One. MFA requires two things: Something you have and Something you know. With Notes, these are the Notes user ID file and the password for it. Notes has provided this method of advanced security — natively and seamlessly — for over 30 years. Many of today’s web-based apps must go through all sorts of convoluted integration with systems to send text messages (vulnerable) or additional dedicated apps, like Authy or RSA Authenticator on your mobile device. Meanwhile, MFA in Notes is so seamless and has existed for so long that many people even forgot this is MFA.

  3. Anti-spoofing protection during password input.
    While we’re on the subject of passwords, Notes has another anti-spoofing feature that many people don’t think about. Have you ever noticed when you type your password into Notes, the dialog displays randomly from 1 to 4 ‘XXX’ characters in the password field? This is to obfuscate how long your password is, making it harder for an ‘over the shoulder’ attack. Also, there is a graphic that changes with every character typed. The graphic is displayed algorithmically, so at the end of typing your password correctly, it will always be the same graphic. If it isn’t, then either you typed it wrong or the screen may be a man-in-the-middle, posing as a Notes client. I have yet to see any other software provide these security features that have always been part of the Notes client.


  4. End-to-end encryption and compression during data transportation.
    All communications server-to-server and server-to-client have the ability to be encrypted as well as compressed. This port level encryption prevents eavesdropping on the data being transmitted.


  5. NATIVE User-level encryption via public-private RSA key technology.
    From the beginning, Notes has had a public and private key structure as an intrinsic part of the software that allows encrypting documents in Notes that can only be read by the intended user. This includes email messages sent within the mail system. The security was so strong, IBM was required to publish a separate, International version of the software that the U.S. government could decrypt.

    Other platforms have finally come around to recognizing the value of this functionality, but they require third-party add-ons and complex administration. In Notes, this feature has long been an integral innovation, used out of the box. Read more of that history here.


  6. Encryption of data at rest.
    Notes and Domino are also able to use the encryption key infrastructure in Notes to encrypt database files stored on the disk drive. This secures data from someone attempting to access the file directly from the operating system outside of Notes. This is especially effective in securing data on laptops, for example. Just another innovation that has been an intrinsic part of the software for decades.


  7. Cross Certification with other organizations.
    Notes has the built-in ability to ensure the identity of external organizations through the cross certificate process. The two organizations share a public key with each other, which can then be used to verify that any connection from an external user truly is that user, preventing someone from creating a bogus identity to masquerade as them. What is a trivial procedure using a Notes “smart client” in the Notes/Domino platform is a painfully complicated process for platforms that use “dumb clients” (web browsers). How long has Notes had this? Right. Since the 1990’s.
  8. Execution Control List (ECL).
    You know how Windows will prompt you to ask if you trust an application to make changes to your computer? Well Notes has had that as an integral part of the software long before Windows did it.
    Here is an example of what you see in Windows (UAC):

    Notes has similar settings, only far more granular. Here is one alert specifying a single type of action by a single signer:

    This dialog allows setting the default values for all the possible execution actions in the ECL settings:


  9. Ability to view file attachments without the risk of running potentially harmful code.
    When you receive an email attachment containing malicious code, opening it in its native application may cause harm to your computer. To prevent this, Notes has an option to View the attachment via a simple, built-in viewer which can’t execute any code. The result is a fast, simple, safe way to see attachment contents.


    On this great feature, I think they made a regression in V10. Prior to V10, if the attachment was an executable program (.exe for example), then the viewer would just display the compiler information — very handy for quickly identifying if it was created by the source you were expecting. As of V10 this feature was modified so that the “dumb” viewers were removed and it now uses a web browser instead. This process is a bit slower to open and it launches your default web browser which you may not want to open. For that matter, it requires that you have a web browser installed. I don’t know what the risks to malware are for attachments opened this way. I personally prefer the original solution. In any case, this feature is another example of the innovations that have been in Notes well ahead of the competition.

    Here is what it displayed with an executable:


    This is what it displayed if you clicked View for a .zip file:

    (If you would like to see this feature restored to its original implementation, please vote for the idea here:
    https://domino-ideas.hcltechsw.com/ideas/NTS-I-2705)
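
The password-dialog behaviour described in item 3, as an added illustration (not code from this article and not the Notes algorithm): it assumes the picture is chosen by an HMAC over the typed prefix, keyed with a secret held in the local ID file, and that 1 to 4 mask characters are drawn per keystroke. `N_PICTURES`, `id_secret` and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Illustration only, NOT the Notes algorithm. Assumptions: the picture is
# chosen by HMAC-SHA256 over the typed prefix, keyed with a secret held in
# the local ID file; 1 to 4 mask characters are drawn per keystroke.
N_PICTURES = 16   # hypothetical size of the picture set
MAX_MASK = 4      # from the article: 1 to 4 'X' characters

def picture_for(id_secret, typed):
    """Deterministic picture index for the text typed so far."""
    mac = hmac.new(id_secret, typed.encode("utf-8"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % N_PICTURES

def picture_sequence(id_secret, password):
    """Picture shown after each keystroke; the user memorises the last one."""
    return [picture_for(id_secret, password[:i])
            for i in range(1, len(password) + 1)]

def masked_field(keystrokes):
    """Mask text whose length does not reveal how many keys were typed."""
    return "".join("X" * (1 + secrets.randbelow(MAX_MASK))
                   for _ in range(keystrokes))

def spoof_match_rate(id_secret, password, trials=2000):
    """Fraction of fake dialogs (no access to id_secret) that happen to show
    the picture the user expects. Approaches 1 / N_PICTURES."""
    expected = picture_for(id_secret, password)
    hits = sum(picture_for(secrets.token_bytes(16), password) == expected
               for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    secret = b"constructed-demo-id-secret"   # constructed sample value
    pw = "correct horse"                     # constructed sample value
    print("pictures per keystroke:", picture_sequence(secret, pw))
    print("mask shown:", masked_field(len(pw)))
    print("final picture after a typo:", picture_for(secret, pw + "x"))
    print("spoofed dialog match rate: %.3f" % spoof_match_rate(secret, pw))
```

In this model a dialog without the ID file's secret still shows the expected picture about one time in `N_PICTURES`, so the picture works as a visual hint to the user, not as an authenticator.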

In summary, this is just a sample list to highlight some of the innovations that Notes has had over the years in the area of Security that set it apart and ahead in the software industry.

Coming up: Innovative user features that set Lotus Notes / HCL Notes apart

How to add Pause Counter to your Toastmasters Agenda in EasySpeak


If you watched my presentation or read my article on Pause Counter, then you may be ready to add the meeting role to your club’s agenda. If you use https://easy-speak.org for your club, follow this video:

When you create the role, I suggest you add the following link for the role
instructions: https://bit.ly/pausecounterform
This links to the google drive with the pause counter form which includes a description of the role.

 
