KuppingerCole’s newest report on “Passwordless Authentication for Consumers” includes FUTURAE! The right time to integrate the future is now. Start here!

We value your privacy

We use cookies to improve your experience on our site through website traffic analysis. To find out more, read our updated privacy policy.

Security

Security and Privacy are at the core of our business

Build trust, not inconvenience. The Futurae Platform authenticates your users, however you want it.

security

Security Principles and Philosophy

State-of-the-art cryptography

Implement only publicly vetted cryptographic algorithms and protocols in order to protect sensitive information in transit, as well as at rest.

Defense-in-depth

Follow a layered approach in security in order to minimize the chances of a successful attack.

Need-to-know & minimize attack surface

Expose functionality and information only to the entities that need to access it.

Four-eyes principle

Always require at least two people to approve security-sensitive activities or information.

Pentesting

We build all our systems with all the necessary precautions and following the best industry standards, such as the OWASP security engineering guidelines. But there’s no better way to test a system than getting the real bad guys to break it. Futurae routinely mandates third parties to perform gray-box pen-testing on all our systems:

  • Backend: all the authentication and admin APIs
  • Admin Dashboard: the tool that our customers love and use to manage their cloud instances
  • Mobile Apps: the security key for all our users

Not only do we work hard to fix anything that might be found, we are also incredibly open and share the reports with our customers.

And that’s not all, we enable our customers to mandate their own preferred pentesters to try and break our security.

cryptography
cloud

Cloud Security

Too often the cloud is seen with a skeptical eye from companies. We’re here to convince you otherwise.

We partner with the best providers in the world to guarantee that customers' data remain available, and safe. Some of the great features and guarantees:

  • European and Swiss provider, no data shared with overseas entities
  • Redundant data-centers for zero-downtime deployments
  • ISO 9001:2008, ISO/IEC 27001:2013, PCI DSS 3.2, SOC-1 type II, SOC-2 type II, Finma compliant
  • 24x7 Active monitoring from world-wide vantage points
  • 24x7 cascading alerting to the DevOps Team
gdpr ieee nist psd w3c webauthn iso-security

Want to learn more about our security guarantees?

Get in touch with our security experts