Authenticate
Sign in to Securitor
Email + authenticator. We’ll mail a one-time link to confirm your address; you’ll set up (or enter) a 6-digit code from your authenticator immediately after.
No passwords, no tracking. The link is one-time and expires in 15 minutes.
On enrollment policy
Why we ask for a second factor before you have an account.
Securitor exists to make security findings citable, signed, and admissible. The same posture has to apply to our own front door. The audit panel will read the literal contents of your source code — secrets, intellectual property, vulnerabilities not yet patched.
We will not stand behind a report whose author was authenticated only by an email address. Email accounts get forwarded, scanned by corporate gateways, leaked in unrelated breaches, and recovered through helpdesks that ask security questions a determined attacker can answer.
A second factor — held by a device on your person, refreshed every thirty seconds — raises that bar to something we are willing to put a seal on. We ask it of you because we ask it of ourselves.
DOC-AP-001 · Authentication Policy · Effective MMXXVI