Fluid Attacks policy on authentication for clients | Fluid Attacks

Authentication for clients

Our platform only uses SSO with Bitbucket, Google and Microsoft Accounts.


Fluid Attacks platform login screen

The OAuth2 protocol is used, an industry-standard authorization framework known for its robust security. OAuth2 only accepts login attempts from trusted URLs and issues industry-standard 2048-byte access tokens. JSON Web Tokens (JWT) are integrated with OAuth2 to provide an additional layer of security, using secure algorithms for token generation and verification.


We employ JWT with secure algorithms such as:

  1. ES512 (ECDSA with SHA-512): A strong asymmetric algorithm utilizing ECDSA (Elliptic Curve Digital Signature Algorithm) with SHA-512 for secure data encryption and digital signatures.

  2. RS512 (RSA with SHA-512): A robust asymmetric algorithm utilizing RSA public/private key pairs with SHA-512 for secure data encryption and decryption.


By implementing JWT with these secure algorithms, we maintain the highest level of protection against unauthorized access and data tampering.
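As an added example (not Fluid Attacks' own code): a minimal JWS verifier in which the token's `alg` header may only select between the two algorithms listed above, ES512 and RS512, and that selection is enforced before any key material is used. Both are asymmetric signature algorithms, so verification is done with public-key verifier callables; the allow-list, the helper names (`encode_jws`, `verify_jws`) and the tokens built for the demo are assumptions of this example.

```python
import base64
import json
import time

# Allow-list of the two signature algorithms the page names. The allow-list,
# these helpers and the tokens built in the test are constructed for this
# example; none of it is Fluid Attacks' own code.
ALLOWED_ALGS = frozenset({"ES512", "RS512"})
# Minimum signature length: ES512 = r||s over P-521 (132 bytes); RS512 with a >= 2048-bit modulus >= 256.
MIN_SIG_LEN = {"ES512": 132, "RS512": 256}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    # JWS segments carry no '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def encode_jws(header: dict, claims: dict, sign) -> str:
    """Compact JWS: b64url(header).b64url(claims).b64url(sign(signing_input))."""
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(claims).encode()))
    return signing_input + "." + b64url_encode(sign(signing_input.encode("ascii")))

def verify_jws(token: str, verifiers: dict, now=None) -> dict:
    """Return the claims of a valid token or raise ValueError.
    `verifiers` maps an allow-listed alg to callable(signing_input, signature) -> bool
    backed by that algorithm's PUBLIC key. The token's 'alg' header may only choose
    among those entries; 'none', HMAC and anything else is refused before any key
    is touched, which is what defeats algorithm-confusion attacks."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS needs exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS or alg not in verifiers:
        raise ValueError(f"alg {alg!r} is not in the allow-list {sorted(ALLOWED_ALGS)}")
    signature = b64url_decode(sig_b64)
    if len(signature) < MIN_SIG_LEN[alg]:
        raise ValueError(f"{alg} signature too short: {len(signature)} bytes")
    # Verify over the two segments exactly as transmitted, never re-serialized.
    if not verifiers[alg]((header_b64 + "." + payload_b64).encode("ascii"), signature):
        raise ValueError("signature verification failed")
    claims = json.loads(b64url_decode(payload_b64))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("missing exp claim or token expired")
    return claims
```

In production the verifier callables wrap a real ECDSA P-521 or RSA public-key check; the stand-in signer used in the test only shows that the allow-list, length and expiry checks run before that call.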

We do not store any account passwords. The only personal information we store about our clients is the following:
  1. Full name (provided by Google or Microsoft)
  2. Company name and cell phone number (only if the user chooses to share them)


It is worth noting that if users lose their corporate email, they also lose access to their account on our platform. In addition, customers can easily manage who does and who does not have access to their projects.

At Fluid Attacks, we are committed to providing a secure and reliable environment for our users. Our use of OAuth2 with JWT and these strong, secure algorithms reinforces our dedication to safeguarding user data and ensuring secure access to our platform.


Requirements

  1. 034. Manage user accounts
  2. 228. Authenticate using standard protocols
  3. 319. Make authentication options equally secure