# Application security

|                                 | Authentication Security                                                                                                                                                                                                                                            |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Authentication Options          | For admins/agents in Socialboards Inbox, we offer Socialboards sign-in with forced (optional) 2-factor authentication. We can also offer Google Authentication and Azure AD SSO for clients that request these features.                                           |
| Password Policy                 | The Socialboards sign-in has a password policy that follows modern security standards. The password policy is not configurable, and passwords must consist of 8 characters, including upper-case letters, numbers and special characters. |
| Two-factor authentication (2FA) | If you are using Socialboards sign-in on your Socialboards Inbox, you can turn on 2-factor authentication (2FA) for agents and admins. Socialboards supports SMS through our vendor Twilio, in addition to the Google Authentication app for generating passcodes. |
| Secure Credential Storage       | Socialboards follows secure credential storage best practices by never storing passwords in human-readable format, only as the result of a secure, salted, one-way hash. |
| API Security & Authentication   | The Socialboards Inbox API is SSL/TLS-only.                                                                                                                                                                                                                        |

|                         | Secure development                                                                                                                                                                                                              |
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Data Protection Program | All employees - including developers - are obligated to participate in our GDPR Data Protection Program. It consists of a 9-part course, including subjects such as Data Privacy, Security Policy, Risk Management Policy, etc. |
| OWASP                   | We follow the OWASP Developer Guide to reduce the risk of Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection (SQLi). |
| QA                      | Our Quality Assurance (QA) department reviews and tests our application continuously, to look for bugs and vulnerabilities that might cause a security risk.                                                                    |
| Separate Environments   | Testing and staging environments are logically separated from the Production environment. No actual Service Data is used in the development or test environments.                                                               |

