Every security feature is included on every plan. Because protecting your users shouldn't depend on your budget.
Every tenant gets a unique 2048-bit RSA keypair. Tokens are signed with RS256 — asymmetric cryptography, so anyone holding the tenant's public key can verify a token, but only AuthFI, holding the private key, can sign one.
Passwords are hashed with bcrypt at cost 10. We never store plaintext. Even if the database leaks, passwords remain protected.
Every password is checked against the HaveIBeenPwned database using k-anonymity — we never send the full password over the network.
Configurable lockout after failed attempts. IP-based rate limiting. Account lockout duration is customizable per tenant.
Per-IP rate limiting on all auth endpoints. Prevents credential stuffing, account enumeration, and API abuse.
TOTP-based MFA with backup codes. Configurable per tenant — optional, encouraged, or required for all users.
Refresh token rotation with family detection. If a stolen refresh token is reused, the entire family is revoked.
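How rotation with family detection works, as an added illustration that is not AuthFI's code: every refresh token carries a family id inherited from the login that started it, each token may be exchanged exactly once, and a second presentation of an already-exchanged token marks the family compromised and revokes every token in it, including the one the legitimate client currently holds. The store, record shape and method names below are hypothetical.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class RefreshRecord:
    family: str            # all tokens descended from one login share this id
    rotated: bool = False  # True once this token has been exchanged for a successor


class RefreshTokenStore:
    """Hypothetical in-memory refresh-token store (illustration, not AuthFI's code)."""

    def __init__(self) -> None:
        self._tokens: Dict[str, RefreshRecord] = {}
        self._revoked_families: Set[str] = set()

    def issue_on_login(self) -> str:
        """A fresh login starts a brand-new token family."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = RefreshRecord(family=secrets.token_hex(8))
        return token

    def rotate(self, presented: str) -> Optional[str]:
        """Exchange a refresh token for its successor; None means the request was rejected."""
        record = self._tokens.get(presented)
        if record is None or record.family in self._revoked_families:
            return None  # unknown token, or a family that has already been killed
        if record.rotated:
            # This token was already exchanged once. Seeing it again means two
            # parties hold it (the client and whoever copied it), so the whole
            # family is revoked, which also kills the currently live successor.
            self._revoked_families.add(record.family)
            return None
        record.rotated = True
        successor = secrets.token_urlsafe(32)
        self._tokens[successor] = RefreshRecord(family=record.family)
        return successor

    def family_revoked(self, token: str) -> bool:
        """Whether the family this token belongs to has been revoked."""
        record = self._tokens.get(token)
        return record is not None and record.family in self._revoked_families


if __name__ == "__main__":
    store = RefreshTokenStore()
    first = store.issue_on_login()
    second = store.rotate(first)          # normal rotation succeeds
    assert store.rotate(first) is None    # replay of the old token is refused
    assert store.rotate(second) is None   # and the live token dies with the family
```

The order of events does not matter: if the thief rotates first, the legitimate client's later use of the old token trips the same check and revokes the thief's fresh token too.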
All sensitive data (OAuth tokens, SAML certificates, LDAP credentials) encrypted with AES-256-GCM before storage.
Your data is protected at every layer.
Built by developers who believe enterprise-grade security shouldn't cost enterprise-grade prices. AuthFI is proudly built in India, serving developers worldwide.