Is Userify Secure?

We're tightly focused on security and conduct frequent external third-party penetration tests.

Userify's SSL configuration has achieved an A+ rating from SSL Labs while still maintaining compatibility with older browsers, and we utilize a EV-TLS certificate, which authenticates our corporate structure in the United States. We've also achieved a #1 (the lowest risk) score at the Netcraft Site Report.

Our web applications are designed to be resistant to XSS and CSRF and offer multi-factor authentication (MFA/2FA) for user logins. We've also opened the source code for the Userify shim on Github so you can audit its operation yourself or find ways to enhance it for your operations.

We encrypt all data at rest, including all data that we store in Redis and S3, with X25519 (IETF) and all data in motion is encrypted with signed TLS and typically additionally with additional layers (hashing or encryption).

We are constantly looking for ways to further improve our security profile and further work with the security community. Please email if you have further questions.