We’ve built state-of-the-art security into our products. Learn more about our information security:

Encryption, Password Hashing

OBEK was built with best practices in mind to prevent critical identity data from falling into the wrong hands. We never store passwords as clear text: they are always salted and hashed securely using bcrypt. Data is encrypted both at rest and in motion. All network communication uses TLS with at least 128-bit AES encryption. The connection uses TLS v1.2, is encrypted and authenticated using AES-128-GCM, and uses ECDHE-RSA as the key exchange mechanism. To prevent other applications from accessing encrypted information stored by OBEK on your system, any sensitive application information stored locally is encrypted and stored using your operating system’s native secure storage: Keychain on macOS, the Secret Service on Linux, and Credential Vault on Windows.

Password Complexity

OBEK requires passwords to be at least 6 characters long. Passwords cannot include the username, email address, first name, or last name. The previous five (5) passwords cannot be reused.
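The rules above can be expressed as a single policy check. The following is an added example, not OBEK's own code: the `Account` class, function names, case-insensitive substring matching, and counting the current password among the five are assumptions, and the standard library's scrypt stands in for bcrypt so the block runs without third-party packages.

```python
import hashlib
import hmac
import os
from collections import deque
from dataclasses import dataclass, field

MIN_LENGTH = 6       # minimum length stated in the policy
HISTORY_DEPTH = 5    # previous five passwords cannot be reused


def _hash(password: str, salt: bytes) -> bytes:
    # Stand-in for bcrypt (assumption): salted scrypt from the standard library.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


@dataclass
class Account:  # hypothetical account record
    username: str
    email: str
    first_name: str
    last_name: str
    # (salt, digest) pairs, oldest first; deque drops entries beyond the depth
    history: deque = field(default_factory=lambda: deque(maxlen=HISTORY_DEPTH))


def policy_violations(account: Account, candidate: str) -> list:
    """Return the list of rules the candidate password breaks (empty if none)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    lowered = candidate.casefold()
    for name in ("username", "email", "first_name", "last_name"):
        value = getattr(account, name)
        if value and value.casefold() in lowered:
            problems.append("contains_" + name)
    # Only hashes are kept, so reuse is detected by re-hashing with each old salt.
    for salt, digest in account.history:
        if hmac.compare_digest(_hash(candidate, salt), digest):
            problems.append("reused")
            break
    return problems


def set_password(account: Account, candidate: str) -> list:
    """Store the new hash only when the candidate passes every rule."""
    problems = policy_violations(account, candidate)
    if not problems:
        salt = os.urandom(16)
        account.history.append((salt, _hash(candidate, salt)))
    return problems
```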

Account Verification

OBEK safeguards users with default email verification at account creation time and during password resets.

Anomaly Detection, Brute-force Protection

OBEK limits the number of signups and failed logins from a suspicious IP address. We send email notifications about suspicious activity to affected users, including the option to unblock the suspicious IP address. Subsequent anomalies from an account may automatically trigger account safeguards, which proactively lock the account and notify the affected user by email with instructions to reset credentials and regain access.

Attack Prevention, Mitigation

OBEK services are architected with high availability and resilience in mind. OBEK applications have built-in rate limiting and automated blocking features to mitigate advanced denial of service or authentication attacks. Our network infrastructure is protected against volumetric attacks by our cloud providers, in addition to a dedicated DDoS mitigation service.

DNSSEC

DNSSEC is an extension to DNS that is designed to protect applications against man-in-the-middle networking attacks. OBEK’s website (obek.com) and CDN (obek.io) have DNSSEC enabled, which means that origin authentication is available for clients that support it: http://dnssec-debugger.verisignlabs.com/obek.com

Subresource Integrity

Subresource Integrity is a security feature that enables browsers to verify that files they fetch are delivered without unexpected manipulation. Currently Subresource Integrity is only supported in Chrome and Firefox. Consult CanIUse for more details on client support.