Userify is AICPA SOC-2 Type 1 certified and has achieved PCI-DSS and HIPAA compliance. It has also received the top score on the Netcraft Site Report and has successfully completed the AWS Well-Architected Review.
Our web applications are designed to be resistant to XSS, CSRF, injection, inclusion, and many other attacks, and offer multi-factor authentication (MFA/2FA) for user logins. The source code for the Userify shim is open on GitHub so you can audit its operation yourself. Userify conducts frequent external third-party penetration tests.
Userify encrypts all data at rest, including all data that is cached and stored in Redis and S3, with Curve25519. We minimize the use of secret materials in general, and sanitize incoming data. Passwords are hashed with bcrypt, scrypt, or argon2. All data in motion is encrypted with SSH or signed TLS.
We are constantly looking for ways to further improve our security profile and to work further with the security community. Please email [email protected] if you have further questions.