
Security: cinnabot/playbook


security.md

Security

Security is no easy topic to talk about. There are many ways to exploit vulnerabilities in a web site. To address that we follow security guidelines and use well-known and tested tools to reduce risks. Although writing code that is robust and tested against vulnerabilities is essential for secure applications, it's well known that social engineering is often the weakest link in the chain. For that reason, we enforce tools and practices that address this kind of problem.

2-factor Authentication

From servers to email, wherever possible we require the use of 2-factor authentication.

Password Managers

Every password should be generated randomly and managed by a tool. Humans are not good at either of these tasks. Everyone in the team is required to create and store passwords using LastPass.

Encrypting Sensitive Messages

Every once in a while it's necessary to transfer security-sensitive information such as passwords to clients. Use GPG to encrypt that kind of information before sending it through insecure channels (a.k.a. any non-physical medium).

Linux Users. We recommend GPA, a graphical interface for GnuPG. Follow this tutorial to install and learn the basics.

Mac Users. PGP tools is easy to install and use.
