Magic Link Authentication
OGForge uses passwordless authentication via magic links sent to your email. This is a secure, modern authentication method used by many trusted services.
- Magic links are single-use and expire after 15 minutes
- Tokens are cryptographically hashed and stored securely
- Links can only be used once and are invalidated after login
- Sessions expire after 7 days for your security
Is OGForge Safe?
Yes. OGForge is a legitimate service for generating Open Graph images. If you received a security warning from your browser, this may be because:
- Our domain is new and still building trust signals with browsers
- Magic link tokens can sometimes trigger automated phishing detection
- Authentication URLs with long tokens may match phishing patterns
We take security seriously and follow industry best practices for authentication and data protection.
Data Security
- All connections use HTTPS/TLS encryption
- API keys are hashed before storage (bcrypt)
- Session tokens are stored with httpOnly cookies
- Database credentials are never exposed to clients
- Payment processing handled securely by Stripe
Security Headers
OGForge implements security headers to protect against common web vulnerabilities:
- Content Security Policy (CSP)
- HTTP Strict Transport Security (HSTS)
- X-Frame-Options (clickjacking protection)
- X-Content-Type-Options (MIME sniffing protection)
Verify Our Domain
You can verify OGForge's legitimacy:
- Check our domain:
ogforge.io - Verify SSL certificate in your browser
- Review our open-source code (available on request)
- Report security issues: security@ogforge.io
- General support: support@ogforge.io
Responsible Disclosure
If you discover a security vulnerability, please report it to us at security@ogforge.io. We appreciate responsible disclosure and will respond promptly.