
Account Security

LiteWork protects your account and data with multiple security layers. Here’s how security works and what you can do to keep your account safe.

How LiteWork Protects You

Password Security

  • Strong hashing — Passwords are hashed using Argon2id, a modern algorithm designed to resist attacks
  • Breach checking — New passwords are checked against known data breaches
  • No plain text — We never store or see your actual password

Session Security

  • Secure cookies — Sessions use HttpOnly, Secure, and SameSite flags
  • 30-day expiry — Sessions automatically expire after 30 days
  • Per-device sessions — Each device has its own session

Connection Security

  • HTTPS everywhere — All connections are encrypted with TLS
  • Secure APIs — Xero and Stripe connections use OAuth and encrypted tokens

Account Protection

  • Rate limiting — Prevents brute-force login attempts
  • Account lockout — Temporary lockout after failed login attempts
  • Email verification — Confirms you own your email address

Keeping Your Account Secure

Use a Strong Password

LiteWork requires at least 10 characters. Longer is better—a passphrase like “correct-horse-battery-staple” is more secure than “P@ssw0rd!”.

Avoid:

  • Passwords you use on other sites
  • Personal information (birthdays, names)
  • Common words or patterns

Use Google Sign-In

If you have a Google account, using “Sign in with Google” is often more secure than a password. You benefit from Google’s security features, including their two-factor authentication.

Use a Password Manager

Password managers generate and store strong, unique passwords for each site. Popular options include 1Password, Bitwarden, and the built-in managers in Chrome, Safari, and Firefox.

Keep Your Email Secure

Your email is the key to your account—password resets go there. Protect your email account with:

  • A strong, unique password
  • Two-factor authentication
  • Regular security checkups

Changing Your Password

To change your password:

  1. Sign out of LiteWork
  2. Click Forgot password? on the sign-in page
  3. Enter your email address
  4. Check your email for the reset link
  5. Choose a new password

If you signed up with Google, you don’t have a LiteWork password—manage your password through Google instead.

Signing Out

Sign out when:

  • Using a shared or public computer
  • Lending your device to someone
  • You suspect unauthorized access

To sign out: Click your name in the header and select Sign out.

Signing out only affects the current device. Other devices remain signed in.

If You Suspect Unauthorized Access

If you think someone else has accessed your account:

  1. Change your password immediately — This invalidates all existing sessions
  2. Check your email account — Make sure it’s still secure
  3. Review recent activity — Look for documents you didn’t create
  4. Contact support — Email support@litework.nz if you need help

Team Member Security

If you’re an organization Owner or Admin:

  • Assign appropriate roles — Give people only the access they need
  • Remove departed team members — Promptly remove access when someone leaves
  • Review your team regularly — Periodically check who has access

See Managing Team Roles for role permissions.

Third-Party Connections

Xero

LiteWork connects to Xero using OAuth. We never see your Xero password. You can disconnect Xero anytime from LiteWork Settings → Xero Sync.

Stripe

Payment processing uses Stripe. LiteWork never sees your full card number—it’s handled entirely by Stripe’s secure infrastructure.

Google

If you use Google sign-in, LiteWork only receives your email and name—never your Google password. You can revoke access from your Google account settings.

Your Data

How Data Is Organized

Your organization is your account. Within it, you can create companies (the number depends on your plan), each with its own invoices, contacts, settings, and Xero connection. Team members you invite can access companies based on their role. Your data is completely isolated from other users.

Data Security

  • HTTPS everywhere — All connections are encrypted with TLS
  • Encryption at rest — Sensitive data is encrypted in storage
  • NZ-hosted infrastructure — Data stays in New Zealand
  • Regular backups — Automatic daily backups
  • Access controls — Team roles limit who sees what

Exporting Your Data

You’re never locked in. Export contacts and documents to CSV from LiteWork Settings → Import/Export. Download invoices as PDF anytime. If you use Xero, your data syncs there too. Need a complete export? Contact support@litework.nz.

Data Retention

Data is retained while your account is active. If you cancel your subscription, you have 90 days to export your data before it’s deleted.

Reporting Security Issues

If you discover a security vulnerability in LiteWork, please report it responsibly to security@litework.nz. We take all reports seriously and will respond promptly.
