Identity & Security Standards

Protect your project, your users, and yourself — by design.


Minimum Requirements

  • Strong Passwords:
    All admin and service accounts must use passwords at least 12 characters long.
  • Multi-Factor Authentication (2FA):
    Enable 2FA on Telegram, Discord, GitHub, email, and any other accounts with admin access.
  • No Secrets in Code:
    Never commit private keys, API secrets, or passwords to your codebase. Use a secrets scanner in your CI/CD pipeline.
  • Open-Source & Audits:
    Preferably open-source your code. Seek a community or third-party audit for all mainnet launches.
  • KYA Prompts:
    Clearly state assumptions, risks, and user responsibilities in your app (see KYA Standard).
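
For the "No Secrets in Code" requirement, the sketch below shows the kind of check a secrets scanner runs as a CI step. It is an added example, not part of these standards or of any named tool; the rule patterns, the entropy threshold and the function names are illustrative assumptions, and it stands in for a maintained scanner rather than replacing one.

```python
import math
import re
import sys
from pathlib import Path

# Illustrative rules (assumptions for this example, not a complete rule set).
PEM_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")
ASSIGNMENT = re.compile(
    r"(?i)\b[\w.-]*(?:password|passwd|secret|api[_-]?key|token|mnemonic)[\w.-]*"
    r"[\"']?\s*[:=]\s*[\"']([^\"']{8,})[\"']"
)
PLACEHOLDER = re.compile(r"(?i)^(?:<.*>|\$\{.*\}|changeme|example|x+|\*+)$")


def entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_text(text, name="<input>"):
    """Return (name, line_number, rule) for every suspected secret in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if PEM_KEY.search(line):
            findings.append((name, lineno, "private-key-block"))
        m = ASSIGNMENT.search(line)
        # Skip obvious placeholders and low-entropy values to limit false positives.
        if m and not PLACEHOLDER.match(m.group(1)) and entropy(m.group(1)) >= 3.0:
            findings.append((name, lineno, "hardcoded-secret"))
    return findings


def main(paths):
    """Scan the given files; return 1 (fail the CI job) if anything is found."""
    findings = []
    for p in paths:
        try:
            text = Path(p).read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue  # unreadable or deleted path: nothing to scan
        findings += scan_text(text, p)
    for name, lineno, rule in findings:
        print(f"{name}:{lineno}: {rule}")  # report location only, never the value
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it in the pipeline against the files changed in a commit; a non-zero exit blocks the merge. A secret that has already been pushed must be rotated, since removing it from the latest commit does not remove it from history.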

Recommended Tools


Resources