
Security
Secure User Access
401KInABox account passwords are encrypted, salted, and hashed multiple times before being stored in the database. Industry-standard authentication practices, including SSL, are employed.
Permissions Based Controls
401KInABox gives sponsors full control over who can view and modify plan and participant information.
401KInABox operates using a system of user roles and access permissions. Sponsors can add third parties, such as administrators and bookkeepers, who may be granted access to multiple 401KInABox plans.
Database Encryption
401KInABox’s database infrastructure is encrypted both before data insertion and while at rest. If whole-database encryption is not needed, highly granular encryption options are available to protect specific information. User accounts, identifiable data, and even individual field values can be encrypted separately. The encryption system is designed to comply with the strictest PCI and state privacy laws.
2-Factor Authentication
401KInABox safeguards against brute-force password attacks by restricting the number of login attempts from a single source within a set timeframe. All failed login attempts are logged and can be viewed on our in-house response dashboard. Additionally, 401KInABox can be configured to enable administrators to ban individual IP addresses and address ranges.
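The paragraph above lists three controls: a per-source limit on failed logins within a time window, an audit log of every failed attempt, and administrator bans on individual addresses or ranges. The following is an added example of how those three fit together, not 401KInABox's code; the limit of five attempts per fifteen minutes, the log record shape and the method names are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Added example (not 401KInABox code). Limits, window and record layout are
# assumed values chosen for illustration.


class LoginThrottle:
    def __init__(self, max_attempts: int = 5, window_seconds: int = 900):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._failures = defaultdict(deque)  # source address -> failure timestamps
        self._bans = []                      # ip_network objects set by administrators
        self.audit_log = []                  # one record per failed or blocked attempt

    def ban(self, cidr: str) -> None:
        """Ban a single address ('203.0.113.7') or a range ('203.0.113.0/24')."""
        self._bans.append(ipaddress.ip_network(cidr, strict=False))

    def is_banned(self, source: str) -> bool:
        addr = ipaddress.ip_address(source)
        return any(addr in net for net in self._bans)

    def _prune(self, source: str, now: float) -> None:
        # Drop failures older than the window so only recent attempts count.
        q = self._failures[source]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_blocked(self, source: str, now: float) -> bool:
        if self.is_banned(source):
            return True
        self._prune(source, now)
        return len(self._failures[source]) >= self.max_attempts

    def _log(self, now: float, source: str, username: str, result: str) -> None:
        self.audit_log.append(
            {"time": now, "source": source, "user": username, "result": result}
        )

    def attempt(self, source: str, username: str, password_ok: bool, now: float) -> str:
        """Return 'blocked', 'denied' or 'ok' for one login attempt.

        A blocked source is refused before the password is even considered,
        so a correct guess after the limit is reached does not succeed.
        """
        if self.is_blocked(source, now):
            self._log(now, source, username, "blocked")
            return "blocked"
        if password_ok:
            self._failures.pop(source, None)  # a good login clears the counter
            return "ok"
        self._failures[source].append(now)
        self._log(now, source, username, "denied")
        return "denied"


if __name__ == "__main__":
    t = LoginThrottle(max_attempts=3, window_seconds=60)
    for i in range(4):  # constructed sequence: three wrong passwords, then a fourth try
        print(t.attempt("198.51.100.10", "alice", False, float(i * 10)))
    t.ban("203.0.113.0/24")
    print(t.attempt("203.0.113.77", "bob", True, 100.0))  # blocked by range ban
    for rec in t.audit_log:
        print(rec)
```

The counter is keyed by source address and only counts failures inside the window, so a legitimate user who mistypes once is not locked out for long, while a sustained guessing run from one source is cut off after the limit. Bans are checked with `ipaddress`, which handles both single hosts and CIDR ranges the same way.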
Risk Mitigation
401KInABox includes features that address all of the Open Web Application Security Project’s (OWASP) top ten security risks, which are the risks most commonly encountered in practice. We continuously test for and guard against these risks to ensure ongoing security.