We take security seriously. This article addresses some of the common questions we receive regarding security. If we are missing anything in this article, or you would like to report a security related concern, please send us an email to security@hostifi.com to let us know.
OS and Application Security Updates
- We stay up-to-date on OS and application updates for all servers
HostiFi Website
- We use Cloudflare Web Application Firewall
- All account passwords are stored securely in a hashed format
- The website does not store any passwords to your UniFi or UNMS server once you have changed your credentials on that server
SSH Access
- We use public key authentication instead of password based authentication
- We use Duo for 2FA on all of our SSH accounts
Application Logins
- We do not have an admin account on your servers
- We recommend securing your UniFi and UNMS logins with 2FA
Backups
- Nightly backups are stored for 30 days on a private DigitalOcean Spaces bucket
Internal
- Our employees are trained on security best practices
- We use long random passwords
- We use 1Password and discourage password reuse
- We use 2FA for all of our accounts wherever possible