Security

Introduction

At Quetzal, we prioritize the security and privacy of our web application. We employ robust encryption methods and adhere to strict privacy policies to ensure the safety of your data. This document outlines the specific security practices and measures we have implemented to protect our users and their information.

Key Security Practices

1. Passwordless Authentication

We do not use passwords for authentication. Passwords, while common, are often a weak link in security due to their susceptibility to being stolen or guessed. Instead, we utilize more secure methods to ensure that only authorized users can access their accounts.

2. Use of Passkeys

Passkeys are a key part of our security. These are strong cryptographic tokens that provide a more secure and user-friendly way to access our services compared to traditional passwords. Passkeys are resistant to phishing, allow us to verify the presence of a user, and can be used to validate specific transactions (i.e., they are less susceptible to replay attacks).

3. Communication Channels

Quetzal does not use SMS or phone calls to contact you. Any official contact will be done via Slack, or we will invite you to contact us via email. This ensures that all communications are secure and that users can be added upfront, enhancing overall security. Quetzal will never ask you for sensitive personal information or to withdraw money from your account. If customers are concerned about any contact they've had, they should email support at support@quetzal.finance, and we will contact you to address any issues.

Managing Security in Your Dashboard

Users can manage their security settings directly from the dashboard. Here are the steps to access and modify your security settings:

1. Click on your user icon at the bottom left of the dashboard.
2. Navigate to Settings.
3. Go to the Security tab.
4. Here, you can add or update your passkeys and change your PIN.