Security

How TrustMFT protects your data and your account.

Authentication

Password Policy

All TrustMFT accounts are protected by a strong password policy. Passwords must:

  • Be at least 12 characters long
  • Contain at least one uppercase letter
  • Contain at least one lowercase letter
  • Contain at least one digit
  • Contain at least one special character (e.g., !@#$%)

Passwords are stored using ASP.NET Core Identity's adaptive hashing (PBKDF2 with HMAC-SHA512).

Multi-Factor Authentication (MFA)

TrustMFT supports TOTP-based MFA (Time-based One-Time Passwords), compatible with:

  • Google Authenticator
  • Microsoft Authenticator
  • Authy
  • Any RFC 6238-compliant authenticator app

Administrators can require MFA for all users in their tenant. When enabled, users who have not completed MFA setup will be redirected to the setup page on their next login.

Account Lockout

After 5 consecutive failed login attempts, an account is locked for 15 minutes. This applies to both the web portal and the SFTP server independently. The lockout resets automatically after the timeout period.

Session Security

Authentication cookies are configured with:

  • HttpOnly — not accessible by JavaScript
  • Secure — transmitted only over HTTPS
  • SameSite: Strict — protects against CSRF attacks

Data Encryption

In Transit

All web portal traffic is encrypted using TLS 1.2 or higher. SFTP connections use SSH encryption. Unencrypted connections are automatically redirected to HTTPS.

At Rest

Files are stored in Azure Blob Storage with server-side encryption (AES-256) enabled by default. Encryption keys are managed per tenant and stored in Azure Key Vault, providing hardware-backed key protection.

IP Allowlisting

Administrators can restrict client access to specific IP address ranges using CIDR notation. When an allowlist is configured for a client, any request originating from an IP address outside the allowed ranges will be denied with a 403 Forbidden response. This applies to both web portal and API access.

Both IPv4 and IPv6 CIDR ranges are supported (e.g., 10.0.0.0/8, 2001:db8::/32).
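
The allowlist decision described above, as an added example that is not TrustMFT's own code. The function names are hypothetical; unwrapping IPv4-mapped IPv6 source addresses, rejecting entries with host bits set, allowing everything when no allowlist is configured, and failing closed on unparseable addresses are assumptions of this example, not documented product behaviour.

```python
import ipaddress

def parse_allowlist(entries):
    """Parse CIDR strings; raise ValueError on a malformed or ambiguous entry."""
    # strict=True rejects host bits set in the prefix (10.0.0.1/8), which is
    # usually a typo for either 10.0.0.0/8 or 10.0.0.1/32.
    return [ipaddress.ip_network(e.strip(), strict=True) for e in entries]

def normalize(remote_addr):
    """Return the client address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(remote_addr)
    # A dual-stack listener can report an IPv4 client in this mapped form;
    # without unwrapping, it would never match an IPv4 CIDR entry.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def is_allowed(remote_addr, allowlist):
    """True if the request may proceed; False means answer 403 Forbidden."""
    if not allowlist:
        return True  # assumption: no allowlist configured means no restriction
    try:
        ip = normalize(remote_addr)
    except ValueError:
        return False  # unparseable source address: fail closed
    # Compare only within the same address family.
    return any(ip.version == net.version and ip in net for net in allowlist)

# CIDR ranges are the page's own examples; client addresses are constructed.
ALLOWLIST = parse_allowlist(["10.0.0.0/8", "2001:db8::/32"])
SAMPLES = [
    "10.20.30.40",         # inside 10.0.0.0/8
    "192.168.1.5",         # outside every range
    "2001:db8:1::1",       # inside 2001:db8::/32
    "2001:db9::1",         # just outside the IPv6 range
    "::ffff:10.1.2.3",     # IPv4-mapped form of an allowed IPv4 client
    "::ffff:192.168.1.5",  # IPv4-mapped form of a disallowed client
]

if __name__ == "__main__":
    for addr in SAMPLES:
        verdict = "allow" if is_allowed(addr, ALLOWLIST) else "403 Forbidden"
        print(f"{addr:20} -> {verdict}")
```
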

Malware Scanning

Every uploaded file is automatically submitted for malware scanning before it becomes available for download. During scanning, the file shows a Scanning status. Once cleared, it moves to Ready. Files that fail the scan are quarantined and marked Quarantined — they cannot be downloaded and are flagged for administrator review.

Role-Based Access Control

TrustMFT enforces strict role-based access at every layer:

Capability SuperAdmin TenantAdmin ClientUser
Manage all tenants
Manage clients & users
View audit logs
Upload & download files
Folder-level permissions Configurable per ClientUser by TenantAdmin

Audit Logging

TrustMFT maintains a comprehensive audit trail of platform activity, including:

  • Login and logout events (success and failure)
  • File uploads, downloads, and deletions
  • Folder creation and deletion
  • Administrative actions (user/client/tenant changes)
  • SFTP session events
  • Quarantine events

Each audit record captures the user, timestamp, IP address, protocol (HTTP/SFTP), and action outcome. Logs can be exported as CSV for compliance purposes.

Rate Limiting

To protect against abuse, TrustMFT enforces rate limits on key endpoints:

  • Login: 5 attempts per minute per IP
  • Sign Up: 3 attempts per 5 minutes per IP
  • File Upload: 10 requests per minute per user
  • General API: 60 requests per minute per user

Requests exceeding these limits receive a 429 Too Many Requests response.

Infrastructure Security

TrustMFT is hosted on Microsoft Azure and benefits from Azure's enterprise security posture:

  • Azure SQL Database with Active Directory authentication (no SQL passwords)
  • Azure Key Vault for secrets and encryption key management
  • Network isolation via Virtual Networks and subnets for the SFTP container
  • Application-level security headers enforced by middleware (CSP, HSTS, X-Frame-Options, etc.)
  • Application Insights for telemetry and anomaly detection

Security concerns? If you discover a potential security issue, please contact your administrator or reach out to our team directly.