Application security
Last updated
Authentication Security
Authentication Options
For admins/agents in Socialboards Inbox, we offer Socialboards sign-in with forced (optional) 2-factor authentication. We can also offer Google Authentication and Azure AD SSO for clients that request these features.
Password Policy
The Socialboards sign-in has a password policy that follows modern security standards. The policy is not configurable, and passwords must consist of 8 characters, including upper-case letters, numbers and special characters.
Two-factor authentication (2FA)
If you are using Socialboards sign-in on your Socialboards Inbox, you can turn on 2-factor authentication (2FA) for agents and admins. Socialboards supports SMS through our vendor Twilio, in addition to the Google Authentication app for generating passcodes.
Secure Credential Storage
Socialboards follows secure credential storage best practices: passwords are never stored in human-readable format, only as the result of a secure, salted, one-way hash.
API Security & Authentication
The Socialboards Inbox API is SSL/TLS-only.
Secure development
Data Protection Program
All employees - including developers - are obligated to participate in our GDPR Data Protection Program. It consists of a 9-part course, including subjects such as Data Privacy, Security Policy, Risk Management Policy, etc.
OWASP
We follow the OWASP Developer Guide to reduce the risk of being subject to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection (SQLi).
QA
Our Quality Assurance (QA) department reviews and tests our application continuously, to look for bugs and vulnerabilities that might cause a security risk.
Separate Environments
Testing and staging environments are logically separated from the Production environment. No actual Service Data is used in the development or test environments.