Jan 29, 2024
Securing your users’ data and their digital assets is our top priority at Privy. To that end, we’ve written our secure app setup guide, which details our recommendations for keeping your app and your users’ assets as secure as possible. This guide reflects industry best practices as well as lessons learned from collaborating with many of the most thoughtful teams in the market, like Friendtech, OpenSea, and Zora. Here’s a quick peek.
Our guide recommends four foundational focus areas for your integration:
Configuring secure settings in the Privy dashboard: Privy offers a number of features to help you secure your app throughout the user’s lifecycle. Some of these features should be enabled for all applications before they launch, including:
Restricting login methods to those you use
Protecting your developer credentials: It’s important to protect your credentials to avoid unauthorized access to your developer account, notably via managing admin access and storing your app secret securely.
Educating your users about security: This may be the toughest recommendation yet, but helping your users understand and recognize threats is within your power. Let your users know the range of interactions they can expect from your app and the ways you will communicate with them. This includes telling them in email footers and on your site that you will never reach out to ask them for private information, keeping UIs and patterns around sensitive actions consistent so that any departure from these standards tips them off that something is afoot, and linking to good resources on web security in an FAQ on your site. Let them know what to expect so they aren’t caught unaware.
Check out the full guide to see our list of baseline setup recommendations on each of these fronts.
Security is a full team sport and we are here to help. In the coming weeks we’ll be releasing an updated Privy dashboard to help you set best practices in motion as you launch your app!
If there are additional security measures you’d like to see us recommend to our customers, please reach out at [email protected] to let us know.
Privy operates in a rapidly evolving threat landscape, and our security work is continuous. You can read more on our blog as well, for instance in this series on wallets and security: