Feb 14, 2022

Improved security measures

We’re currently going through a self-imposed software penetration test to ensure that our app security is solid. As part of that process, we tightened up a number of security measures to ensure that your access to Basedash is secure.

We’re also currently going through a SOC-2 audit. If you’re interested in details about this, send us an email at support@basedash.com.

For more details on our app’s security in general, check out our security page.

Here’s a list of all the changes we implemented.

  • Tightened password requirements

  • Tightened login attempt lockout policy

  • Enforced newer versions of TLS

  • Switched from using JWT tokens to session tokens

  • Switched from storing authentication tokens in local storage to HTTP-only cookies

  • Added invalidation of session tokens on logout

  • Changed login form error to show the same message if either email or password is incorrect

  • Obscured server version header

  • Added HSTS to enforce SSL on recurring uses of the app

  • Disabled browser caching of HTTP responses

  • Prevented framing of app

  • Implemented content-sniffing prevention
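
One way to check the header-level items in this list (HSTS, caching, framing, content sniffing, server version, HTTP-only cookies) against a response. This is an added example, not Basedash's own code; the function name `auditResponse` and the specific header values it looks for are assumptions, and the sample responses are constructed.

```javascript
// Added example: audit one response against the header-level items listed above.
// The exact header values Basedash sends are not on the page; these checks are assumptions.
function auditResponse(headers, setCookies = []) {
  const h = {}; // header names are case-insensitive, so normalise to lower case
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];

  // HSTS: present with a non-zero max-age.
  const hsts = /max-age=(\d+)/i.exec(h['strict-transport-security'] || '');
  if (!hsts || Number(hsts[1]) === 0) findings.push('hsts-missing');

  // Caching: no-store tells the browser not to cache the response at all.
  if (!/\bno-store\b/i.test(h['cache-control'] || '')) findings.push('cacheable');

  // Framing: X-Frame-Options, or CSP frame-ancestors 'none'/'self'.
  // Stricter than required: an origin allowlist in frame-ancestors is reported too.
  const xfo = /^(deny|sameorigin)$/i.test((h['x-frame-options'] || '').trim());
  const csp = /frame-ancestors\s+'(none|self)'/i.test(h['content-security-policy'] || '');
  if (!xfo && !csp) findings.push('frameable');

  // Content sniffing: nosniff is the only valid value.
  if ((h['x-content-type-options'] || '').trim().toLowerCase() !== 'nosniff') findings.push('sniffable');

  // Version disclosure: any dotted version number in Server or X-Powered-By.
  for (const name of ['server', 'x-powered-by']) {
    if (/\d+\.\d+/.test(h[name] || '')) findings.push('version-disclosed:' + name);
  }

  // Cookies: every Set-Cookie value should carry HttpOnly.
  for (const c of setCookies) {
    const [pair, ...attrs] = c.split(';').map((s) => s.trim());
    const flags = attrs.map((a) => a.split('=')[0].toLowerCase());
    if (!flags.includes('httponly')) findings.push('cookie-not-httponly:' + pair.split('=')[0]);
  }
  return findings;
}

// Constructed sample responses, not captured from any real service.
const weak = { headers: { Server: 'nginx/1.18.0', 'Content-Type': 'text/html' },
  cookies: ['session=abc123; Path=/; Secure'] };
const hardened = { headers: {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Cache-Control': 'no-store', 'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff', Server: 'web' },
  cookies: ['session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax'] };
console.log(auditResponse(weak.headers, weak.cookies));
console.log(auditResponse(hardened.headers, hardened.cookies));
```

An empty array means every check passed; run it over the headers of both an authenticated page and the login response, since cookies are usually set only on the latter.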

Other improvements and fixes

  • Updated chart colors to avoid similar colors appearing next to each other

  • Added local caching of home page record counts for improved performance

  • Added new empty state on Home page

  • Improved performance of joining workspaces through domain-based access