We're tightly focused on security and conduct frequent external third-party penetration tests.
- Data encrypted/hashed at all times, at rest and in motion (X25519, TLS, bcrypt), including in cache
- Application designed to be resistant to XSS, CSRF, and SQL injection attacks
- Regular, independent third-party penetration testing
Our web applications are designed to be resistant to XSS and CSRF and offer multi-factor authentication (MFA/2FA) for user logins. We've also opened the source code for the Userify shim on GitHub so you can audit its operation yourself or find ways to enhance it for your operations.
Userify's SSL configuration has achieved an A+ rating from SSL Labs while still maintaining compatibility with older browsers, and we use an EV-TLS certificate, which authenticates our corporate structure in the United States. We've also achieved a #1 (the lowest risk) score in the Netcraft Site Report.
We encrypt all data at rest, including all data that we store in Redis and S3, with X25519 (IETF). All data in motion is encrypted with signed TLS, typically with additional layers (hashing or encryption) on top.
We regularly hire third parties to perform penetration tests and run bug bounty programs to ensure our vigilance never ceases.
We are constantly looking for ways to further improve security. Please email firstname.lastname@example.org if you have further questions.