Application security

Authentication Security

Authentication Options

For admins/agents in Socialboards Inbox, we offer Socialboards sign-in with optionally enforced 2-factor authentication. We can also offer Google Authentication and Azure AD SSO for clients that request these features.

Password Policy

The Socialboards sign-in has a password policy that follows modern security standards. The password policy is not configurable, and passwords must consist of 8 characters, including upper-case letters, numbers and special characters.

Two-factor authentication (2FA)

If you are using Socialboards sign-in on your Socialboards Inbox, you can turn on 2-factor authentication (2FA) for agents and admins. Socialboards supports SMS through our vendor Twilio, in addition to the Google Authentication app for generating passcodes.

Secure Credential Storage

Socialboards follows secure credential storage best practices: passwords are never stored in human-readable format, only as the result of a secure, salted, one-way hash.

API Security & Authentication

The Socialboards Inbox API is SSL/TLS-only.

Secure development

Data Protection Program

All employees - including developers - are obligated to participate in our GDPR Data Protection Program. It consists of a 9-part course, including subjects such as Data Privacy, Security Policy, Risk Management Policy, etc.

OWASP

We follow the OWASP Developer Guide to reduce the risk of being subject to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection (SQLi).

QA

Our Quality Assurance (QA) department reviews and tests our application continuously, to look for bugs and vulnerabilities that might cause a security risk.

Separate Environments

Testing and staging environments are logically separated from the Production environment. No actual Service Data is used in the development or test environments.
