Security
Account security is Clerk's most important responsibility and the top concern of every feature we build. Maintaining best-practice account security has become too challenging and time-consuming for most organizations, and we have seen too many organizations cut corners as a result.
Clerk has a secure-by-default philosophy. Our goal is to help customers overcome as many challenges as possible without additional configuration, and we work to avoid options that may lead to an insecure application.
This documentation lists some of the many protections included with Clerk. These features do not cost extra — they are included for every application by default.
- Vulnerability disclosure policy
- XSS Leak Protection
- CSRF Protection
- Fixation Protection
- Password protection and rules
- Brute force protection and user account locking
If we are missing a protection you would like to see, please reach out to security@clerk.dev and we will get back to you right away.
Last updated on November 30, 2023