6️⃣ Security Requirements | Notion

Last Updated: March 1, 2026

Security Architecture

Herald implements defense-in-depth security with multiple layers of protection.

Note: Rate limiting is planned for Post-MVP (Phase 2). Current MVP focuses on core authentication security.

Authentication Security

BetterAuth with Firestore

✅ Implementation

Use BetterAuth for all credential management
Firestore adapter for user data storage
Never store passwords in application code
Leverage BetterAuth's built-in security features

✅ Password Policies

Minimum 8 characters
Must include: uppercase, lowercase, number, special character
Enforced via Zod validation and BetterAuth settings

✅ Email Verification

Required before first login