Security at SnapAuth
At SnapAuth, our primary mission is to enhance online security, and we prioritize this commitment above all else. As custodians of your sensitive information, we understand that earning and maintaining your trust is paramount.
Contact our security team
For any inquiries or concerns, please email us at [email protected].
We are strong proponents of responsible disclosure and will take all reports seriously.
Data protection measures at SnapAuth
Our approach to data protection revolves around minimizing data collection and ensuring that any data we store cannot be exploited by malicious actors. We only retain identifiers provided by users and associated public key data. For instance:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPwmVC/O5OQoXROZAZmqX3eHpoLim
rMZCV2N0FIg5pk8BN29DCP7Y1F8M7544KE5Zm/fzzg0+abHlowdH8+W+uQ==
-----END PUBLIC KEY-----
Should anyone manage to leverage this information to compromise an account, they would have effectively breached cryptography for the entire internet.
In addition to these measures, we implement a range of industry-standard security protocols:
- All network traffic to our application servers is encrypted with
TLS
(HTTPS
), withHSTS
configuration. - SnapAuth-enabled pages on your site also require
HTTPS
for traffic. - Encrypted connections are enforced between our application servers and databases.
- Database access is restricted to allowlisted IP addresses.
- Our databases are encrypted while at rest.
- Database user accounts operate with the principle of least privilege.
- External services we utilize are configured with two-factor authentication, preferably WebAuthn.
- We minimize our reliance on external services to reduce the attack surface.
- Whenever possible, we leverage open-source and audited tools.
- We implement rate-limiting and deeply-integrated permission systems.
- We monitor our domains' Certificate Transparency logs.
- All code changes undergo review and must pass automated tests.
Our team has extensive security expertise, including experience with PCI compliance audits at payment processors.
Domains we use
SnapAuth controls and uses the following domain names:
-
snapauth.app
-
snapauth.dev
-
snapauth.guide
If you see content claiming to be official and it is not on one of these domains, it should be treated with suspicion. Please contact us if you have questions or concerns about content on other domains.
This list was last updated May 8, 2024.
Email Domains
All email from us will come from snapauth.app
(direct communication) or snapauth.freshdesk.com
(support).
Passkey security
Refer to our comprehensive guide on the security advantages of WebAuthn and passkeys for detailed insights.