Simple is secure.


More security options mean more chances that something is misconfigured. Userfront gives you fewer, higher-security defaults, and configures them automatically.

NSA-grade token signing

Userfront uses the latest Commercial National Security Algorithm (CNSA) specifications for token signing.

Large-modulus RSA

Algorithm approved to protect National Security Systems (NSS) up to TOP SECRET level.

Encrypted signing keys

Userfront encrypts its signing keys at rest, so even a database breach would not expose them.

Proper password handling

Passwords are hashed, handled, and reset with secure protocols.

Hashing

Passwords are hashed using well-tested, CPU-intensive algorithms with salting and key stretching.

Salts

Each hash uses its own cryptographically-secure, CSPRNG-generated salt to prevent brute force, lookup table, and rainbow table attacks.

Resets

Secure, single-use, time-expiring links are generated for password resets, when resets are enabled.

Safer cookie configuration

Sensible presets to reduce the risk of XSS and CSRF vulnerabilities.

Setting       Live site    Test mode
Cookie type   JWT          JWT
Secure                     Configurable
Expiration    Automatic    Configurable
SameSite      Strict       Lax

Tokens for each need

Automatically generated tokens you can use in your application.


Access Token

Information about a user's authorization.

ID Token

Information about a user's identity.

Refresh Token

Used to obtain new Access & ID tokens.

Security comes standard.

Security can be complex and hard to keep up with, or it can be simple.