Security

Your safety is our top priority. We have taken many steps to give our users choices when it comes to securing their accounts. We have also taken steps to make our users aware of the risks associated with using Solarius.

Account security

Passwords

Solarius does not store your password in plaintext. We store only a hash of your password, computed with a one-way hashing algorithm. This means that even if our database is compromised, it does not contain your password itself.

When creating a password, we recommend:

  • Using a password manager to generate a random password if possible
  • Using a password that is at least 12 characters long
  • Using a password that is not used anywhere else
  • Using a mix of uppercase and lowercase letters, numbers, and symbols
  • Not including personal information in your password

Two-factor authentication

Solarius supports two-factor authentication (2FA) using the TOTP standard. We recommend using 2FA to secure your account. You can enable 2FA in your account settings.

API keys

Solarius supports API keys for programmatic access to your account. API keys cannot be viewed after they are created, so make sure to store them in a safe place. You can create API keys in your developer settings.

Email verification

A safety feature we have implemented is email verification. If you log in from a new device, we will send you an email with a verification link. You will not be able to use your account until you verify your email.

Security risks

There are many risks online. We have taken steps to mitigate them, but you should still be aware of them.

Phishing

Phishing is a common attack vector. In a phishing attack, an attacker sends you a link to a fake website that looks like a legitimate one. The attacker then steals your credentials when you log in.

To prevent phishing, we recommend:

  • Checking the URL of the website you are on
  • Checking the SSL certificate of the website you are on
  • Checking the email address of the sender
  • Checking the email headers of the email

Malware

Malware can be used to steal your credentials. Malware can be installed on your computer by visiting a malicious website, downloading a malicious file, or opening a malicious email attachment.

To prevent malware, we recommend:

  • Using an antivirus program
  • Keeping your operating system up to date
  • Keeping your web browser up to date
  • Keeping your email client up to date
  • Keeping your other software up to date

Social engineering

Social engineering is when an attacker tricks you into giving them your credentials. This can be done by pretending to be someone else, or by pretending to be a legitimate company.

To prevent social engineering, we recommend:

  • Being skeptical of emails from unknown senders

Physical access

A physical access attack is when an attacker gets direct access to your computer. This can happen if your computer is stolen, or if the attacker gains access to it through a backdoor.

To prevent physical access, we recommend:

  • Keeping your computer in a secure location
  • Keeping your computer locked when you are not using it