FAQs - Security

What if I don't want to make anything available publicly in the OSF?

The OSF is designed to support both private and public workflows. You can keep projects, or individual components of projects, private so that only your project collaborators have access to them.

How secure is my information?

Security is extremely important for the OSF. When you sign up and create a password, your password is not recorded. Instead, we store a bcrypt hash of your password. This is a computation on your password that cannot be reversed, but is the same every time it is computed from your password. This provides extra security. No one but you can know your password. When you click "Forgot your password," the OSF sends you a new random password because it neither stores nor has the ability to compute your password.
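The store-a-hash, verify and reset flow described above, as an added example that is not the OSF's own code. It uses scrypt from Python's standard library as a stand-in for bcrypt; the function names, cost parameters and sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters: assumed values for this example, not the OSF's settings.
N, R, P, DKLEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes) -> bytes:
    """One-way computation: the same password and salt always give the same bytes."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=N, r=R, p=P, dklen=DKLEN)


def hash_password(password: str) -> dict:
    """Build the record a server stores: a random salt and the hash, never the password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _derive(password, salt)}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    return hmac.compare_digest(_derive(password, record["salt"]), record["hash"])


def reset_password(users: dict, username: str) -> str:
    """The old password cannot be computed from the hash, so a new random one is issued."""
    new_password = secrets.token_urlsafe(16)
    users[username] = hash_password(new_password)  # the old record is overwritten
    return new_password  # sent to the user; the server keeps only the new hash


if __name__ == "__main__":
    # Constructed sample account, not real data.
    users = {"alice": hash_password("correct horse battery staple")}
    print("login ok:", verify_password("correct horse battery staple", users["alice"]))
    print("wrong password ok:", verify_password("guess", users["alice"]))
    issued = reset_password(users, "alice")
    print("old password still ok:", verify_password("correct horse battery staple", users["alice"]))
    print("new password ok:", verify_password(issued, users["alice"]))
```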

How does the OSF store and back up files that I upload to the site?

The OSF stores files with Rackspace via an open source sponsorship, and has backups on Amazon's Glacier platform. The OSF maintains several backup schemes, including off-site backups and automated backups performed by our host every day, week, and fortnight.

Rackspace and Amazon Glacier have their own methods to support data integrity (e.g., redundancy across 5+ locations), but the Open Science Framework takes the extra step of calculating multiple checksums and parity archives to account for even the most improbable errors.

Is data stored on OSF Storage encrypted? What are my options?

Transfer of data to OSF Storage is encrypted with SSL. If you would like your data to be encrypted at rest, you can encrypt it before uploading to OSF Storage. You can also use the Amazon S3 add-on and implement server-side encryption to encrypt your data before saving it on S3 servers and decrypt it when you download it. Otherwise, data at rest is not encrypted on OSF Storage.

Is the OSF HIPAA compliant?

You should refer to your institutional policies regarding specific security requirements for your research.