Marfeel employs the following 3 login mechanisms on Insight:
- Login and password
- Authentication via the Google OAuth process
- SSL Certificate
The first is available to all users with access to Insight, whereas authentication via Google OAuth and SSL certificates is for internal Marfeel users.
Login and Password
We store user passwords using a hash (digest) function to ensure that our users' passwords cannot be compromised or reverse engineered.
As we use an asymmetric encryption algorithm, we don't keep the passwords themselves on our end, which is why users can't directly recover them. Instead, we use a change-password mechanism in which the user receives an email with which to enter a new password.
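The storage and change-password flow described above can be sketched as follows. This is an added example, not Marfeel's code: the page does not name the hash function, so PBKDF2-HMAC-SHA256 is assumed, and `AccountStore`, its methods, the iteration count and the token lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # PBKDF2 work factor (assumed value)
RESET_TTL = 15 * 60    # lifetime of an emailed reset token, in seconds (assumed)

class AccountStore:
    """In-memory stand-in for the user table; holds digests, never passwords."""

    def __init__(self):
        self.users = {}    # email -> (salt, password digest)
        self.resets = {}   # sha256(token) -> (email, expiry timestamp)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)  # fresh random salt on every change
        self.users[email] = (salt, self._digest(password, salt))

    def verify(self, email, password):
        if email not in self.users:
            return False
        salt, stored = self.users[email]
        # Recompute the digest and compare in constant time.
        return hmac.compare_digest(stored, self._digest(password, salt))

    def start_reset(self, email):
        """Return the token to email; only its hash is kept server-side."""
        if email not in self.users:
            return None
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self.resets[key] = (email, time.time() + RESET_TTL)
        return token

    def finish_reset(self, token, new_password):
        key = hashlib.sha256(token.encode()).hexdigest()
        email, expiry = self.resets.pop(key, (None, 0))  # token is single use
        if email is None or time.time() > expiry:
            return False
        self.set_password(email, new_password)
        return True
```

Because only the salted digest is stored, nothing in the store can be turned back into the original password; the only way forward for a user who forgets it is the token-based change.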
Insight displays the following messages to differentiate between an incorrectly entered username or password:
If an incorrect username (that is, the email address associated with the account) is entered, the following error message is displayed, indicating that the username entered does not exist.
If a correct username but an incorrect password is entered, the following error message is displayed.
At the moment, the Google OAuth protocol, used for authentication and for authorization to share private information, is available only to internal Marfeel agents.
SSL certificates are only available to Marfeel employees and are used to avoid compromising any sensitive customer information.
This certificate also gives our developers access to the source code so they can push new features and changes into production.
There are different authorization levels encoded on the certificate depending on the Marfeel employee's role and responsibilities.
In case a Marfeel computer is stolen, our security team can immediately revoke the certificate to prevent any information from being compromised.