Userfront uses the latest Commercial National Security Algorithm (CNSA) specifications for token signing.
Algorithm approved to protect National Security Systems (NSS) up to TOP SECRET level.
Userfront encrypts its signing keys at rest, so even a database breach would not expose them.
Passwords are hashed using well-tested, CPU-intensive algorithms with salting and key stretching.
Each hash uses its own cryptographically-secure, CSPRNG-generated salt to prevent brute force, lookup table, and rainbow table attacks.
Secure, single-use, time-expiring links are generated for password resets, when resets are enabled.
Information about a user's authorization.
Information about a user's identity.
Used to obtain new Access & ID tokens.