
LoginRadius Data Security

This document describes how LoginRadius infrastructure protects the data retrieved from your systems or from your users. Data encryption and protection prevent data exposure to unauthorized third parties and keep user data and company information safe. Effective protection of this data is enforced by securing the data while in transit and at rest.

Data in Transit refers to data that is actively moving between two endpoints in a system. When a user submits their data to LoginRadius, it must be transported from their device to LoginRadius servers. While this transportation is occurring, the data is considered to be Data in Transit. LoginRadius protects Data in Transit by using an HTTP over TLS connection to transport data.

Data at Rest is data that is stored on a database or device without active movement. This includes data stored in the cloud and on servers. LoginRadius implements measures to protect high-risk Data at Rest, such as passwords and security questions, by hashing the high-risk data kept within cloud servers and the database using an assortment of different hashing algorithms. All data is encrypted by LoginRadius using an AES solution. In addition, MongoDB, along with our cloud platform services on Azure and AWS, implements its own solutions to protect Data at Rest. To protect customer credentials required for third-party authentication, data is encrypted before LoginRadius uses it to authenticate a user's session.

Data In Transit

LoginRadius provides end-to-end encryption in transit. Data is transported between LoginRadius, your systems, and the user over a secure HTTPS connection using TLS 1.2. Signatures use the SHA-256 with RSA Encryption signature algorithm. The following ciphers are supported:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
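
As an added example (not LoginRadius code), the following Python parses the suite names listed above, marks which ones offer forward secrecy (ECDHE key exchange) and AEAD encryption (GCM), and builds a client `ssl` context limited to TLS 1.2 and those suites. The helper names and the IANA-to-OpenSSL name mapping are this example's own assumptions.

```python
import ssl

# Cipher suites copied from the supported list above (IANA names).
SUPPORTED = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
]
# OpenSSL spellings of the two ECDHE + GCM suites in that list.
OPENSSL_NAMES = {
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
}

def parse_suite(name):
    """Split a TLS 1.2 IANA suite name into key exchange, cipher, mode, digest."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2 style suite name: {name!r}")
    kx_auth, rest = name[4:].split("_WITH_", 1)
    cipher, bits, mode, digest = rest.split("_")   # e.g. AES, 256, GCM, SHA384
    kx = kx_auth.split("_")[0]                     # "ECDHE", or "RSA" (static RSA)
    return {
        "name": name,
        "key_exchange": kx,
        "forward_secrecy": kx in ("ECDHE", "DHE"),  # ephemeral key exchange
        "cipher": f"{cipher}-{bits}",
        "aead": mode in ("GCM", "CCM"),             # CBC suites rely on an HMAC
        "digest": digest,                           # HMAC (CBC) or PRF hash (GCM)
    }

def preferred(suites):
    """Suites that combine forward secrecy with AEAD encryption."""
    return [s for s in suites if (p := parse_suite(s))["forward_secrecy"] and p["aead"]]

def client_context():
    """Client context that only offers TLS 1.2 with the preferred suites."""
    ctx = ssl.create_default_context()        # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # set_ciphers() governs TLS <= 1.2
    ctx.set_ciphers(":".join(OPENSSL_NAMES[s] for s in preferred(SUPPORTED)))
    return ctx

if __name__ == "__main__":
    for p in map(parse_suite, SUPPORTED):
        print(f"{p['name']:<40} PFS={p['forward_secrecy']!s:<5} AEAD={p['aead']}")
```

A client that connects with `client_context()` will fail the handshake unless the server negotiates one of the two ECDHE + GCM suites, which makes it usable as a configuration check.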

Data at Rest

When any data is stored by LoginRadius, the data is encrypted to prevent it from being read through unauthorized methods. The encryption is achieved via AES, an encryption method which uses a secret key to encrypt data. To access this encrypted data, the same secret key is required for decryption, allowing the information to be displayed in a readable format. As AES is one of the industry standard symmetric encryption algorithms, Data at Rest at LoginRadius is kept secure.

Customer third-party provider credentials are also encrypted via a secure key storage protocol with Azure Key Vault while LoginRadius processes the authentication steps. This means that when our integration platform is used as part of your workflow, provider credentials are masked from LoginRadius but still provide the data needed to authenticate the login session.

In addition to the LoginRadius Data at Rest security measures and the use of Azure Key Vault in handling third-party provider credentials, the cloud platforms and persistent storage used in the LoginRadius solution also have built-in Encryption at Rest protocols. Persistent data is stored in MongoDB, which implements its own security measures to protect Data at Rest. Our cloud platforms include both Microsoft Azure and Amazon Web Services, which provide their own implementations for protecting Data at Rest.
