Skip to main content

Threat models and security profiles

Threat modeling is essential for securing a system like Ory Identities. This document provides guidelines for identifying and analyzing threats and implementing security measures for Ory Identities.

Working with and managing software that stores personal information carries risk. It's important to identify threats and understand the system's attack surface, the likelihood, and the impact of an attack.

In the case of Ory Identities, threats could include hackers or malicious insiders who may try to steal or manipulate personal information. To protect against these threats, it's important to properly configure Ory and implement appropriate security measures, such as strong authentication and access controls. Regular monitoring and timely response to security incidents are also crucial.

Digital identity guidelines

There is no universally accepted standard for digital identity.
Ory follows Digital Identity Guidelines established by the National Institute of Standards and Technology (NIST).
These guidelines are accompanied by a FAQ that provides additional information and answers to common questions.

Defenses against brute-force attacks

Ory Network provides Ory Identities with protection against brute-force attacks by rate limiting requests to API public endpoints, for example login and registration endpoints.

When self-hosting the Ory Kratos Identity Server, it's the responsibility of the administrator to implement and manage rate limiting or other measures to ensure the security of the network.

Defenses against cross-site request forgery

Cross-site request forgery (CSRF or XSRF) is a type of attack where a malicious site tricks a user's browser into sending a request to another site without user consent. This can occur even without a user session in a login CSRF attack. In the context of Ory Identities, it is an attack vector that can be exploited to gain unauthorized access to a user account or perform actions on their behalf.

To protect against these attacks, Ory Identities uses multiple countermeasures, including the sameSite attribute as well as a dedicated anti-CSRF cookie using the synchronizer token pattern. The protected APIs are mainly the endpoints that accept the POST, DELETE, or PUT methods. For example, when an app renders a form, a <input type="hidden" name="csrf_token" value="..."> HTML input element is added. Ory Identities compares that value to the value set in the anti-CSRF cookie. If the values match, the request is allowed.

Password policy

To learn more about setting up a secure password policy, refer to the password policy page for instructions and best practices.