Security & Compliance

Userify Security

AICPA SOC-2 Compliant

Userify is AICPA SOC-2 Type 1 certified, has achieved PCI-DSS and HIPAA compliance as well as the top score on the Netcraft Site Report, and has successfully completed the AWS Well-Architected Review.

Our web applications are designed to be resistant to XSS, CSRF, injection, inclusion, and many other attacks, and offer multi-factor authentication (MFA/2FA) for user logins. The source code for the Userify shim is open on GitHub so you can audit its operation yourself. Userify conducts frequent external third-party penetration tests.

Userify encrypts all data at rest, including all data that is cached and stored in Redis and S3, with Curve25519. We minimize the use of secret materials in general, and sanitize incoming data. Passwords are hashed with bcrypt, scrypt, or argon2. All data in motion is encrypted with SSH or signed TLS.

We are constantly looking for ways to improve our security profile and to work more with the security community. Please email security@userify.com if you have further questions.
