# Authentication & Security

{% hint style="info" %}
Operator and jurisdiction: BASIS is operated by BASIS DIGITAL INFRASTRUCTURE LTD, a Seychelles IBC (LEI: [254900IX2F2KCWNSSS64](https://lei.bloomberg.com/leis/view/254900IX2F2KCWNSSS64)).
{% endhint %}

BASIS uses passwordless login and enforces strict session controls. Every account follows the policies on this page. These controls operate within an institutional-grade security and service management framework maintained by an internationally certified operator.

***

## 1. Passwordless Login

BASIS does not use usernames and passwords.

Login uses email-based one-time verification codes (OTP):

{% stepper %}
{% step %}
Enter your email address on the login screen.
{% endstep %}

{% step %}
BASIS sends a 6-digit verification code to your email.
{% endstep %}

{% step %}
Enter the code to access your account.
{% endstep %}
{% endstepper %}

This reduces common password-related attack vectors such as credential stuffing, password reuse, and brute-force attempts.

{% hint style="warning" %}
BASIS will never ask for your password, seed phrase, or private key.
{% endhint %}

***

## 2. Verification Code Validity

| Property        | Value                                                      |
| --------------- | ---------------------------------------------------------- |
| Code length     | 6 digits                                                   |
| Validity period | 10 minutes from issuance                                   |
| Reusable        | No, single use only                                        |
| Scope           | Valid only for the login session in which it was requested |

After the validity window closes, the code no longer works. A new login request generates a new code.

{% hint style="info" %}
If you receive a verification code email that you did not request, you can ignore it. No account access occurs unless the code is entered successfully.
{% endhint %}

***

## 3. Single Active Session Policy

BASIS enforces a Single Active Session Policy:

* When the same account logs in from another device or browser, BASIS terminates the existing session.
* Only the most recent session remains active.
* If your session is terminated, log in again to continue.

This control limits concurrent account access and reduces session-sharing risk.

***

## 4. Login Notifications

BASIS sends a one-time verification code to your email for each login. There is no separate login notification email. If you did not request a login code, do not enter it and contact <support@basis.pro> immediately.

***

## 5. Your Security Responsibilities

You remain responsible for the security of your login environment.

* Protect your email account. OTP delivery depends on inbox security. Enable 2FA with your email provider.
* Do not share verification codes. BASIS support will never ask for your OTP.
* Log out on shared or public devices after each session.
* Report suspicious activity immediately to <support@basis.pro>.

{% hint style="success" %}
Your email account is the primary access control layer for BASIS. If your email is compromised, your account may be at risk.
{% endhint %}

***

## 6. Platform Security Principles

BASIS applies the following controls through an institutional-grade operating model supported by BASIS DIGITAL INFRASTRUCTURE LTD's active ISO/IEC 27001:2022 and ISO/IEC 20000-1:2018 management system certifications.

| Principle                       | Implementation                                                                                                                                 |
| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
| OTP-based authentication        | No stored passwords. Each login requires a fresh code                                                                                          |
| Single active session           | Concurrent sessions are not permitted                                                                                                          |
| Login environment alerts        | Email notifications for login events                                                                                                           |
| Anomaly detection               | Automated systems monitor unusual access patterns                                                                                              |
| Deterministic infrastructure    | State-machine risk controls, math-constrained execution paths, and deterministic session handling                                              |
| Institutional-grade systems     | N+1 bare-metal failover and BHLE infrastructure                                                                                                |
| Information security governance | Security processes operated within the ISO/IEC 27001:2022 certified Information Security Management System of BASIS DIGITAL INFRASTRUCTURE LTD |
| IT service management           | Service operations managed within the ISO/IEC 20000-1:2018 certified IT Service Management System of BASIS DIGITAL INFRASTRUCTURE LTD          |

***

## 7. BHLE Cryptographic Asset Enclave

BHLE is BASIS’s proprietary routing and execution infrastructure, designed for deterministic execution, structural alpha capture, and controlled system isolation.

Core properties include:

* Sub-50μs latency
* 100K+ OPS throughput capacity
* Proprietary routing infrastructure
* State-machine risk controls
* Math-constrained execution paths

The Cryptographic Asset Enclave is designed so that:

* User assets reside in a mathematically isolated environment.
* Asset control remains logically separated from the execution layer.
* BHLE generates execution instructions without direct signing authority.
* Sensitive authorization boundaries are isolated from central platform orchestration.

This design helps ensure that execution infrastructure and asset authorization remain separated by system constraints rather than operator discretion alone.

{% hint style="info" %}
BASIS security architecture is informed by research collaboration with Base58 Labs and emphasizes deterministic execution, bounded system behavior, and infrastructure-level fault isolation. These principles operate within BASIS DIGITAL INFRASTRUCTURE LTD's active ISO/IEC 27001:2022 certified Information Security Management System and ISO/IEC 20000-1:2018 certified IT Service Management System, with public verification available through IAF CertSearch.
{% endhint %}

***

## 8. Security Contact

{% hint style="info" %}
**Account Security** For account security concerns, suspicious login activity, or access-related issues, contact: <support@basis.pro>
{% endhint %}

{% hint style="warning" %}
**Legal & Compliance** For legal or compliance matters related to account access: <legal@basis.pro> · <compliance@basis.pro>
{% endhint %}

***

These security policies may be updated as the platform evolves. Material changes will be announced via the Changelog and, where applicable, by email notification.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.basis.pro/getting-started/authentication-and-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.