We get this Question often, and there are good reasons to be skeptical of companies offering services in the cryptocurrencies and digital asset trading space.
To alleviate such concerns regarding our security practices, we've put together the following list of security measures in place to protect our users's accounts and credentials from unauthorized access:
- Quadency mandates two factor authentication on all user accounts.
- Strong passwords are required for every user account.
- All sensitive user information is encrypted both in transit and at rest. Quadency uses AWS, AWS has a proven track record for physical security and internal controls. More information can be found here.
- User Passwords are stored encrypted using Bcrypt as per industry standards.
- Exchange API keys are stored encrypted using Bcrypt as per industry standards and only decrypted when syncing account information or when the user performs actions against their linked accounts.
- Quadency uses world-class standards to shield your data from unauthorized intrusion. It is always protected with multiple layers of encryption (256-bit encryption over the network). All website data is transmitted over encrypted Transport Layer Security (“TLS”) connections (i.e., HTTPS).
- Quadency leverages the content-security policy (“CSP”) and HTTP Strict Transport Security (“HSTS”) features in modern browsers.
- We use Amazon to mitigate potential distributed denial-of-service (“DDoS”) attacks and use AWS WAF to mitigate any attacks on applications for defense in depth.
- Rate limits and ReCaptcha are in place to thwart brute-force and automated scripting attacks.
- Admin panels are not exposed to public and only few authorized people have access to it.
- Quadency conducts regular pen-testing of applications/infrastructure as per OWASP top 10 standard to figure out loopholes before each and every code deployment to make sure production code is vulnerability free. Our choice of vendor for this service is AppSecure
Further, we ask users not to reuse their Quadency password on other sites and generate exchange API keys with limited permissions granting our systems only the access required by the user.