We get this question often, and there are good reasons to be skeptical of companies offering services in the cryptocurrencies and digital asset space. To alleviate such concerns regarding the security of this platform, we've put together the following list of measures in place to protect our users' accounts from unauthorized access:
- Quadency offers two factor authentication on all user accounts.
- Strong passwords are required for every user account.
- All sensitive user information is encrypted both in transit and at rest. Quadency uses AWS, AWS has a proven track record for physical security and internal controls. More information can be found here.
- User Passwords are stored encrypted using Bcrypt as per industry standards.
- Exchange API keys are stored encrypted using Bcrypt as per industry standards and only decrypted when syncing account information or when the user performs actions against their linked accounts.
- Quadency uses world-class standards to shield your data from unauthorized intrusion. It is always protected with multiple layers of encryption (256-bit encryption over the network). All website data is transmitted over encrypted Transport Layer Security (“TLS”) connections (i.e., HTTPS).
- Quadency leverages the content-security policy (“CSP”) and HTTP Strict Transport Security (“HSTS”) features in modern browsers.
- We use Amazon Web Services to mitigate potential distributed denial-of-service (“DDoS”) attacks and use AWS WAF to mitigate any attacks on applications for defense in depth.
- Rate limits and ReCaptcha are in place to thwart brute-force and automated scripting attacks.
- Admin panels are not exposed to public and only few authorized people have access to it.
- Quadency conducts regular pen-testing of applications and infrastructure as per OWASP top 10 standard and compliance to these standards is tested before each and every code deployment to make sure production code is vulnerability free.
Further, we ask users not to reuse their Quadency password on other sites and generate exchange API keys with limited permissions granting our systems only the access required by the user.