We wrote Rhino Accounts using the latest, industry-standard security technology available today:
- Communication to and from Rhino Accounts is encrypted using HTTPS.
- Information stored in Rhino Accounts is encrypted using 256-bit Advanced Encryption Standard. Each encryption key is itself encrypted with a regularly rotated set of master keys.
- Passwords are stored using Password-Based Key Derivation Function 2 (PBKDF2), a deliberately slow one-way derivation that makes brute-force password guessing difficult.
- Rhino Accounts is based on the OpenID Connect protocol.
- Rhino Accounts works only with actively supported web browsers: Internet Explorer 11 and higher, or the latest version of Chrome, Firefox, Opera, Safari, and Edge. Modern browsers reduce the risk of cross-site scripting (XSS) and help mitigate cross-site request forgery (XSRF) attacks.
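
The following sketch shows how PBKDF2 password storage of the kind listed above can work. It is an added example, not Rhino Accounts' own code. The hash function (HMAC-SHA256), salt length, iteration count, and record format are assumptions, since the page states none of them.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not stated on the page).
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # work factor: each guess costs this many HMAC rounds
SALT_BYTES = 16        # per-password random salt defeats precomputed tables


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, compare in constant time."""
    try:
        algorithm, iter_text, salt_hex, hash_hex = record.split("$")
        iterations = int(iter_text)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if algorithm != ALGORITHM or iterations < 1:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(derived, expected)


def needs_rehash(record: str, current_iterations: int = ITERATIONS) -> bool:
    """True when a verified record was created with a lower work factor than today's.

    Call only after verify_password() succeeds, then store hash_password(password).
    """
    return int(record.split("$")[1]) < current_iterations


if __name__ == "__main__":
    # Constructed sample password, hashed with an old, low work factor.
    old_record = hash_password("correct horse battery staple", iterations=1_000)
    if verify_password("correct horse battery staple", old_record) and needs_rehash(old_record):
        old_record = hash_password("correct horse battery staple")  # upgrade on login
    print(old_record.split("$")[:2])
```

Storing the iteration count in each record lets the work factor be raised over time without forcing a password reset: old records still verify and are re-derived at the next successful login.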