Authentication & Security
CredVault provides a robust, enterprise-grade authentication system designed to secure your data while remaining incredibly frictionless for your users.
Authentication Methods
We support several authentication methods that can be used independently or in combination to secure your applications:
1. Email & Password
The traditional authentication method, backed by bcrypt password hashing and brute-force protection.
2. Social Authentication (Google OAuth)
Allow users to sign in with their existing Google accounts. This heavily reduces friction during onboarding and increases conversion rates. Configured seamlessly via your Dashboard.
3. WebAuthn (Passkeys & Biometrics)
CredVault provides out-of-the-box support for the WebAuthn standard. This allows users to authenticate using biometric sensors (Touch ID, Face ID) or hardware security keys (YubiKey) for phishing-resistant authentication.
- FIDO2 Certified: Fully compliant with FIDO2 standards.
- Biometric 2FA: Use as a second factor instead of insecure SMS OTPs.
- Passwordless: Coming soon, the ability to completely drop passwords for WebAuthn passkeys.
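The email and password method above rests on two pieces: a slow, salted password hash and a failed-attempt counter that locks the account before an online guessing attack gets far. The following is an added illustration of that pattern, not CredVault's own code. It uses hashlib.scrypt from the Python standard library as a stand-in for bcrypt so it runs offline; the lockout thresholds, the account store and the injected clock are assumptions made for the example.

```python
"""Constructed example: password verification with brute-force protection.

Stand-in for an email & password login flow (not CredVault's implementation).
scrypt is used instead of bcrypt only because it ships with Python; the
lockout logic is independent of the hash function.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

# Policy values are assumptions for this example, not CredVault defaults.
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password: str) -> bytes:
    """Return salt || scrypt(password, salt); a fresh random salt per user."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, digest)


# Hash checked for unknown accounts so a missing e-mail does not return faster
# than a wrong password (avoids trivial account enumeration by timing).
DUMMY_HASH = hash_password("placeholder-not-a-real-password")


@dataclass
class Account:
    email: str
    password_hash: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0


class Authenticator:
    """In-memory account store with per-account lockout and an audit trail."""

    def __init__(self, clock=time.time):
        self.accounts = {}
        self.clock = clock          # injectable so tests can move time forward
        self.audit = []             # (email, outcome, detail) tuples

    def register(self, email: str, password: str) -> None:
        self.accounts[email] = Account(email, hash_password(password))

    def login(self, email: str, password: str) -> str:
        """Return 'ok', 'invalid_credentials' or 'locked'."""
        now = self.clock()
        acct = self.accounts.get(email)
        if acct is None:
            verify_password(password, DUMMY_HASH)
            self.audit.append((email, "failure", "unknown_account"))
            return "invalid_credentials"
        if now < acct.locked_until:
            # Locked accounts are refused before the hash is even checked.
            self.audit.append((email, "failure", "locked"))
            return "locked"
        if verify_password(password, acct.password_hash):
            acct.failed_attempts = 0
            self.audit.append((email, "success", ""))
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failed_attempts = 0
            self.audit.append((email, "failure", "lockout_triggered"))
            return "locked"
        self.audit.append((email, "failure", "bad_password"))
        return "invalid_credentials"


if __name__ == "__main__":
    auth = Authenticator()
    auth.register("alice@example.com", "correct horse battery staple")
    for attempt in ["wrong"] * MAX_FAILED_ATTEMPTS + ["correct horse battery staple"]:
        print(attempt, "->", auth.login("alice@example.com", attempt))
```

Two details matter in practice: the comparison uses hmac.compare_digest rather than `==`, and an account that is locked is refused with the correct password as well, which is exactly what stops an attacker who eventually guesses right during the lockout window.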
Advanced Security Policies
Administrators have extensive control over how users access the system:
- Session Management: Automatically invalidate concurrent sessions or enforce idle timeouts.
- MFA Enforcement: Force all users or specific roles to enable Multi-Factor Authentication (OTP or WebAuthn).
- IP Allowlisting: Restrict API and Dashboard access to specific corporate IP addresses.
- Audit Logging: Every authentication event (success, failure, MFA challenge) is recorded immutably in your account's Audit Log for compliance reporting.
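The four policies above (concurrent-session invalidation, idle timeout, role-based MFA enforcement and IP allowlisting) compose naturally into a single access-control check in front of session creation, with every decision written to an append-only audit log. The code below is an added example of that composition and is not CredVault's implementation; the policy defaults, the Policy and Session types, the use of an RFC 5737 documentation range as the allowlist and the injected clock are all assumptions made for the illustration.

```python
"""Constructed example: enforcing session, MFA, IP-allowlist and audit policies.

Illustrative only; not CredVault's own code. Policy values are assumptions.
"""
import ipaddress
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    idle_timeout_seconds: int = 900              # idle timeout (assumed value)
    single_session_per_user: bool = True         # invalidate concurrent sessions
    mfa_required_roles: frozenset = frozenset({"admin"})
    ip_allowlist: tuple = ("203.0.113.0/24",)    # RFC 5737 documentation range


@dataclass
class Session:
    token: str
    user_id: str
    last_seen: float
    mfa_verified: bool


class AccessControl:
    def __init__(self, policy: Policy, clock=time.time):
        self.policy = policy
        self.clock = clock
        self.sessions = {}          # token -> Session
        self.audit_log = []         # append-only list of event dicts
        self._networks = [ipaddress.ip_network(c) for c in policy.ip_allowlist]

    def _log(self, event: str, user_id: str, detail: str = "") -> None:
        self.audit_log.append(
            {"ts": self.clock(), "event": event, "user": user_id, "detail": detail}
        )

    def ip_allowed(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self._networks)

    def create_session(self, user_id, roles, source_ip, mfa_verified):
        """Return a session token, or None when a policy denies the login."""
        if not self.ip_allowed(source_ip):
            self._log("login_denied", user_id, f"ip {source_ip} not allowlisted")
            return None
        if set(roles) & self.policy.mfa_required_roles and not mfa_verified:
            self._log("mfa_required", user_id, "role requires MFA")
            return None
        if self.policy.single_session_per_user:
            stale = [t for t, s in self.sessions.items() if s.user_id == user_id]
            for tok in stale:
                del self.sessions[tok]
                self._log("session_revoked", user_id, "concurrent login")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(token, user_id, self.clock(), mfa_verified)
        self._log("login_success", user_id)
        return token

    def validate(self, token: str) -> bool:
        """True if the session exists and has not exceeded the idle timeout."""
        s = self.sessions.get(token)
        if s is None:
            return False
        now = self.clock()
        if now - s.last_seen > self.policy.idle_timeout_seconds:
            del self.sessions[token]
            self._log("session_expired", s.user_id, "idle timeout")
            return False
        s.last_seen = now            # activity resets the idle clock
        return True


if __name__ == "__main__":
    ac = AccessControl(Policy())
    print(ac.create_session("bob", {"admin"}, "203.0.113.10", mfa_verified=False))
    tok = ac.create_session("bob", {"admin"}, "203.0.113.10", mfa_verified=True)
    print(tok is not None, ac.validate(tok))
    for e in ac.audit_log:
        print(e)
```

The checks run in the order an operator would want them logged: an address outside the allowlist is refused before any credential state is consulted, the MFA requirement is evaluated against the user's roles, and only then is the previous session revoked and the new one issued. Every branch, including the denials, produces an audit entry, which is what makes the log usable for compliance reporting rather than only for debugging.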
Best Practices
When integrating CredVault Authentication into your applications:
- Always use HTTPS. Tokens sent over unencrypted connections can be intercepted.
- Never store API keys in frontend code. Use short-lived Bearer tokens for client applications and keep API keys strictly on your secure backend.
- Use our official SDKs. They automatically handle token refreshing and secure storage best practices.