innius has a layered security architecture, combining identification, authentication, and authorization:
- The password protection is related to identification and authentication.
- Access to data must pass authorization checks as well.
- Next to that, the user authentication subsystem uses internet standards for authentication, such as OAuth.
In our judgement, the combination of these elements provides enough protection. We also chose an architecture that allows stronger authentication mechanisms for example multi-factor authentication (MFA).