-
Notifications
You must be signed in to change notification settings - Fork 3
Notes from meeting with Arlene #55
Copy link
Copy link
Open
Description
Arnav210
opened on Jun 12, 2026
Issue body actions
- assess password
- outsource to OIDC (social logins, involves trusting another source to verify an identity) or OAUTH
- could and should integrate with business sign up
- if it becomes a mobile app, go passwordless and use biometric type things
- need 2FA
- ideally, shouldn't be storing data ourselves but should be encrypting it; however, store in a directory server or something close and should be secured
- have cloud provider turn on security features for route data
- Daily Routine backend cloud
- use ip from browser header to add delay between creating accounts
- make website/app not depend on browser speed because it is slow
- penetration test development
- protect production and testing environment
- protect directory
- think about cross-site scripting and injection
- use the web application firewall
- protect admin accounts, potentially move them to a separate database, definitely need multiple factor authentication
- don't need to worry about the open traffic data
- consider using amazon cognito for data storage
- amazon also has multifactor authentication services, so definitely use them
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels