Defense in depth, every layer audited

AuthForge ships Argon2id password hashing with an optional server-held pepper, Ed25519-signed JWTs with clean key rotation, constant-time comparisons, brute-force lockouts, and zero data egress � your identities never leave your perimeter.

For policy details see our Security Policy and disclosure process.