search

Authentication & Security

circle-info

Operator and jurisdiction: BASIS is operated by BASIS DIGITAL INFRASTRUCTURE LTD, a Seychelles IBC (LEI: 254900IX2F2KCWNSSS64arrow-up-right).

BASIS uses passwordless login and enforces strict session controls. Every account follows the policies on this page. These controls operate within an institutional-grade security and service management framework maintained by an internationally certified operator.

hashtag
1. Passwordless Login

BASIS does not use usernames and passwords.

Login uses email-based one-time verification codes (OTP):

1

Enter your email address on the login screen.

2

BASIS sends a 6-digit verification code to your email.

3

Enter the code to access your account.

This reduces common password-related attack vectors such as credential stuffing, password reuse, and brute-force attempts.

circle-exclamation

BASIS will never ask for your password, seed phrase, or private key.

hashtag
2. Verification Code Validity

Property
Value

Code length

6 digits

Validity period

10 minutes from issuance

Reusable

No, single use only

Scope

Valid only for the login session in which it was requested

After the validity window closes, the code no longer works. A new login request generates a new code.

circle-info

If you receive a verification code email that you did not request, you can ignore it. No account access occurs unless the code is entered successfully.

hashtag
3. Single Active Session Policy

BASIS enforces a Single Active Session Policy:

  • When the same account logs in from another device or browser, BASIS terminates the existing session.

  • Only the most recent session remains active.

  • If your session is terminated, log in again to continue.

This control limits concurrent account access and reduces session-sharing risk.

hashtag
4. Login Notifications

BASIS sends login notifications by email that include:

  • Browser used

  • Operating system

  • Access environment details such as Chrome on Windows

Use these alerts to identify login activity you did not initiate.

triangle-exclamation

If you receive a login notification for activity you did not perform, contact support immediately at [email protected]envelope.

hashtag
5. Your Security Responsibilities

You remain responsible for the security of your login environment.

  • Protect your email account. OTP delivery depends on inbox security. Enable 2FA with your email provider.

  • Do not share verification codes. BASIS support will never ask for your OTP.

  • Log out on shared or public devices after each session.

  • Report suspicious activity immediately to [email protected]envelope.

circle-check

Your email account is the primary access control layer for BASIS. If your email is compromised, your account may be at risk.

hashtag
6. Platform Security Principles

BASIS applies the following controls through an institutional-grade operating model supported by BASIS DIGITAL INFRASTRUCTURE LTD's active ISO/IEC 27001:2022 and ISO/IEC 20000-1:2018 management system certifications.

Principle
Implementation

OTP-based authentication

No stored passwords. Each login requires a fresh code

Single active session

Concurrent sessions are not permitted

Login environment alerts

Email notifications for login events

Anomaly detection

Automated systems monitor unusual access patterns

Deterministic infrastructure

State-machine risk controls, math-constrained execution paths, and deterministic session handling

Institutional-grade systems

N+1 bare-metal failover and BHLE infrastructure

Information security governance

Security processes operated within the ISO/IEC 27001:2022 certified Information Security Management System of BASIS DIGITAL INFRASTRUCTURE LTD

IT service management

Service operations managed within the ISO/IEC 20000-1:2018 certified IT Service Management System of BASIS DIGITAL INFRASTRUCTURE LTD

hashtag
7. BHLE Cryptographic Asset Enclave

BHLE is BASIS’s proprietary routing and execution infrastructure, designed for deterministic execution, structural alpha capture, and controlled system isolation.

Core properties include:

  • Sub-50μs latency

  • 100K+ OPS throughput capacity

  • Proprietary routing infrastructure

  • State-machine risk controls

  • Math-constrained execution paths

The Cryptographic Asset Enclave is designed so that:

  • User assets reside in a mathematically isolated environment.

  • Asset control remains logically separated from the execution layer.

  • BHLE generates execution instructions without direct signing authority.

  • Sensitive authorization boundaries are isolated from central platform orchestration.

This design helps ensure that execution infrastructure and asset authorization remain separated by system constraints rather than operator discretion alone.

circle-info

BASIS security architecture is informed by research collaboration with Base58 Labs and emphasizes deterministic execution, bounded system behavior, and infrastructure-level fault isolation. These principles operate within BASIS DIGITAL INFRASTRUCTURE LTD's active ISO/IEC 27001:2022 certified Information Security Management System and ISO/IEC 20000-1:2018 certified IT Service Management System, with public verification available through IAF CertSearch.

hashtag
8. Security Contact

For account security concerns, suspicious login activity, or access-related issues, contact:

For legal or compliance matters related to account access:

These security policies may be updated as the platform evolves. Material changes will be announced via the Changelog and, where applicable, by email notification.

PreviousOnboarding (Email + MPC)NextWallet Model (Funding vs Staking)

Last updated