Account Security

LiteWork protects your account and data with multiple security layers. Here’s how security works and what you can do to keep your account safe.

How LiteWork Protects You

Password Security

• Strong hashing — Passwords are hashed using Argon2id, a modern algorithm designed to resist attacks
• Breach checking — New passwords are checked against known data breaches
• No plain text — We never store or see your actual password

Session Security

• Secure cookies — Sessions use HttpOnly, Secure, and SameSite flags
• 30-day expiry — Sessions automatically expire after 30 days
• Per-device sessions — Each device has its own session

Connection Security

• HTTPS everywhere — All connections are encrypted with TLS
• Secure APIs — Xero and Stripe connections use OAuth and encrypted tokens

Account Protection

• Rate limiting — Prevents brute-force login attempts
• Account lockout — Temporary lockout after failed login attempts
• Email verification — Confirms you own your email address

Keeping Your Account Secure

Use a Strong Password

LiteWork requires at least 10 characters. Longer is better—a passphrase like “correct-horse-battery-staple” is more secure than “P@ssw0rd!”.

Avoid:

• Passwords you use on other sites
• Personal information (birthdays, names)
• Common words or patterns

Use Google Sign-In

If you have a Google account, using “Sign in with Google” is often more secure than a password. You benefit from Google’s security features, including their two-factor authentication.

Use a Password Manager

Password managers generate and store strong, unique passwords for each site. Popular options include 1Password, Bitwarden, and the built-in managers in Chrome, Safari, and Firefox.

Keep Your Email Secure

Your email is the key to your account—password resets go there. Protect your email account with:

• A strong, unique password
• Two-factor authentication
• Regular security checkups

Changing Your Password

To change your password:

1. Sign out of LiteWork
2. Click Forgot password? on the sign-in page
3. Enter your email address
4. Check your email for the reset link
5. Choose a new password

If you signed up with Google, you don’t have a LiteWork password—manage your password through Google instead.

Signing Out

Sign out when:

• Using a shared or public computer
• Lending your device to someone
• You suspect unauthorized access

To sign out: Click your name in the header and select Sign out.

Signing out only affects the current device. Other devices remain signed in.

If You Suspect Unauthorized Access

If you think someone else has accessed your account:

1. Change your password immediately — This invalidates all existing sessions
2. Check your email account — Make sure it’s still secure
3. Review recent activity — Look for documents you didn’t create
4. Contact support — Email support@litework.nz if you need help

Team Member Security

If you’re an organization Owner or Admin:

• Assign appropriate roles — Give people only the access they need
• Remove departed team members — Promptly remove access when someone leaves
• Review team regularly — Check who has access periodically

See Managing Team Roles for role permissions.

Third-Party Connections

Xero

LiteWork connects to Xero using OAuth. We never see your Xero password. You can disconnect Xero anytime from LiteWork Settings → Xero Sync.

Stripe

Payment processing uses Stripe. LiteWork never sees your full card number—it’s handled entirely by Stripe’s secure infrastructure.

Google

If you use Google sign-in, LiteWork only receives your email and name—never your Google password. You can revoke access from your Google account settings.

Data Security

Beyond account security, your data is protected by:

• Encryption at rest — Sensitive data encrypted in storage
• NZ-hosted infrastructure — Data stays in New Zealand
• Regular backups — Automatic daily backups
• Access controls — Team roles limit who sees what

See Understanding Your Data for more details.

Reporting Security Issues

If you discover a security vulnerability in LiteWork, please report it responsibly to security@litework.nz. We take all reports seriously and will respond promptly.

Related Articles

• Signing In to LiteWork — Login and password reset
• Managing Team Roles — Control team access
• Understanding Your Data — Data protection
• Account and Login Issues — Troubleshooting