CQCodeQuester

Security & Privacy

How CodeQuester protects your account when you sign up, log in, and pay.

Your credentials are safe

Regular users sign in at /login. We built sign-in so your secrets stay yours.

  • Passwords — hashed with bcrypt (12 rounds). We never store or log your plain password. Staff cannot read it.
  • Google & Discord — OAuth only. You authenticate with Google/Discord directly; we receive a secure token, not your password.
  • Payments — Stripe handles all card data. CodeQuester never sees full card numbers.

Password reset links expire in 1 hour and are single-use. Sessions use secure HTTP-only cookies.

Password Hygiene

Use a password manager, enable passkeys where available, and never reuse passwords across sites. Enable MFA on your email and Discord accounts.

Phishing Defense

We only email from @codequester.com. Verify sender addresses, hover links before clicking, and report suspicious messages in Discord #support.

Discord @Buyer role

Link Discord on your account, then purchase on the site — you automatically get the @Buyer role in our server (when configured). No extra login needed.