From a2136e565cdcf2c838ab3388ace449a7ff2b2583 Mon Sep 17 00:00:00 2001 From: Saurabh Kumar Bajpai <157192462+saurabhhhcodes@users.noreply.github.com> Date: Sun, 31 May 2026 01:42:37 +0530 Subject: [PATCH 1/2] feat: add security FAQ to landing page --- .../src/components/LandingSecurityFaq.tsx | 95 +++++++++++++++ frontend/src/pages/HomePage.tsx | 114 +++++++++--------- frontend/src/pages/LandingPage.tsx | 2 + 3 files changed, 156 insertions(+), 55 deletions(-) create mode 100644 frontend/src/components/LandingSecurityFaq.tsx diff --git a/frontend/src/components/LandingSecurityFaq.tsx b/frontend/src/components/LandingSecurityFaq.tsx new file mode 100644 index 0000000..eb4ab09 --- /dev/null +++ b/frontend/src/components/LandingSecurityFaq.tsx @@ -0,0 +1,95 @@ +import React from 'react'; +import { Link } from 'react-router-dom'; +import { HelpCircle, ShieldCheck } from 'lucide-react'; + +type FaqItem = { + question: string; + answer: string; +}; + +const FAQ_ITEMS: FaqItem[] = [ + { + question: 'What does zero-knowledge mean in AccountSafe?', + answer: + 'Sensitive vault data is encrypted in your browser before it is sent anywhere. The server stores encrypted vault data, not readable credentials.', + }, + { + question: 'Does my master password leave my device?', + answer: + 'No. The browser derives authentication and encryption material locally, then sends only the derived authentication hash needed for verification.', + }, + { + question: 'What encryption protects vault data?', + answer: + 'Vault data uses AES-256-GCM authenticated encryption with Argon2id key derivation, matching the project security documentation.', + }, + { + question: 'Can I export or restore my vault?', + answer: + 'Yes. AccountSafe supports encrypted zero-knowledge export and import flows, so backups stay decryptable only by the account holder.', + }, + { + question: 'What is duress mode?', + answer: + 'Duress mode lets a separate password open a decoy vault while keeping the real vault protected, which is useful for coercion-resistant access.', + }, + { + question: 'How does shared-secret access work?', + answer: + 'Shared secrets are protected with a passphrase and expiry controls so temporary access can be granted without exposing the entire vault.', + }, + { + question: 'Can I self-host AccountSafe?', + answer: + 'Yes. The repository includes local, Docker, and production setup guidance for running the Django backend and React frontend yourself.', + }, +]; + +const LandingSecurityFaq: React.FC = () => { + return ( +
+
+
+
+
+
+

+ Practical answers before you trust a vault +

+

+ Short, implementation-backed answers about how AccountSafe protects credentials without marketing claims or fabricated social proof. +

+
+ + Read security docs + +
+ +
+ {FAQ_ITEMS.map(item => ( +
+ + +

+ {item.answer} +

+
+ ))} +
+
+
+ ); +}; + +export default LandingSecurityFaq; diff --git a/frontend/src/pages/HomePage.tsx b/frontend/src/pages/HomePage.tsx index b69b80b..b581fa7 100644 --- a/frontend/src/pages/HomePage.tsx +++ b/frontend/src/pages/HomePage.tsx @@ -2,6 +2,7 @@ import React from 'react'; import { Link } from 'react-router-dom'; import { useAuth } from '../contexts/AuthContext'; import { CategoryManager } from '../features/vault/components'; +import LandingSecurityFaq from '../components/LandingSecurityFaq'; const HomePage: React.FC = () => { const { token } = useAuth(); @@ -11,66 +12,69 @@ const HomePage: React.FC = () => { {token ? ( ) : ( -
-
- {/* Hero Icon */} -
-
- AccountSafe + <> +
+
+ {/* Hero Icon */} +
+
+ AccountSafe +
-
- -

- Welcome to AccountSafe -

-

- Protected by AES-256-GCM authenticated encryption with Argon2id key derivation. Our zero-knowledge architecture ensures your data is encrypted securely at rest -

- -
- - Log in to your vault - - - Create free account - -
- - {/* Trust indicators */} -
-
- - - - Zero-Knowledge Architecture -
-
- - - - Industry-Standard Encryption at Rest -
-
- - - - Secure Credential Management + +

+ Welcome to AccountSafe +

+

+ Protected by AES-256-GCM authenticated encryption with Argon2id key derivation. Our zero-knowledge architecture ensures your data is encrypted securely at rest +

+ +
+ + Log in to your vault + + + Create free account +
-
- - - - Managed Security Architecture + + {/* Trust indicators */} +
+
+ + + + Zero-Knowledge Architecture +
+
+ + + + Industry-Standard Encryption at Rest +
+
+ + + + Secure Credential Management +
+
+ + + + Managed Security Architecture +
-
+ + )}
); diff --git a/frontend/src/pages/LandingPage.tsx b/frontend/src/pages/LandingPage.tsx index fa3fc96..fcc56ff 100644 --- a/frontend/src/pages/LandingPage.tsx +++ b/frontend/src/pages/LandingPage.tsx @@ -1,6 +1,7 @@ import React from 'react'; import { BookOpen, ArrowRight, Check } from 'lucide-react'; import { ButtonLink } from '../components/ui'; +import LandingSecurityFaq from '../components/LandingSecurityFaq'; const LandingPage: React.FC = () => { return ( @@ -73,6 +74,7 @@ const LandingPage: React.FC = () => {
+
); }; From 358e951340df6a306f04a799b05facbdfbd0276c Mon Sep 17 00:00:00 2001 From: Saurabh Kumar Bajpai <157192462+saurabhhhcodes@users.noreply.github.com> Date: Sun, 31 May 2026 14:23:20 +0530 Subject: [PATCH 2/2] docs: cite landing FAQ sources --- frontend/src/components/LandingSecurityFaq.tsx | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/frontend/src/components/LandingSecurityFaq.tsx b/frontend/src/components/LandingSecurityFaq.tsx index eb4ab09..c401250 100644 --- a/frontend/src/components/LandingSecurityFaq.tsx +++ b/frontend/src/components/LandingSecurityFaq.tsx @@ -5,43 +5,51 @@ import { HelpCircle, ShieldCheck } from 'lucide-react'; type FaqItem = { question: string; answer: string; + source: string; }; const FAQ_ITEMS: FaqItem[] = [ { question: 'What does zero-knowledge mean in AccountSafe?', answer: - 'Sensitive vault data is encrypted in your browser before it is sent anywhere. The server stores encrypted vault data, not readable credentials.', + 'Sensitive vault data is encrypted in the browser before it is sent anywhere. The server stores encrypted vault data, not readable credentials.', + source: 'README and SECURITY.md', }, { question: 'Does my master password leave my device?', answer: 'No. The browser derives authentication and encryption material locally, then sends only the derived authentication hash needed for verification.', + source: 'SECURITY.md security model', }, { question: 'What encryption protects vault data?', answer: 'Vault data uses AES-256-GCM authenticated encryption with Argon2id key derivation, matching the project security documentation.', + source: 'README feature list', }, { question: 'Can I export or restore my vault?', answer: 'Yes. AccountSafe supports encrypted zero-knowledge export and import flows, so backups stay decryptable only by the account holder.', + source: 'README and disaster recovery docs', }, { question: 'What is duress mode?', answer: 'Duress mode lets a separate password open a decoy vault while keeping the real vault protected, which is useful for coercion-resistant access.', + source: 'README active defense section', }, { question: 'How does shared-secret access work?', answer: 'Shared secrets are protected with a passphrase and expiry controls so temporary access can be granted without exposing the entire vault.', + source: 'README and API docs', }, { question: 'Can I self-host AccountSafe?', answer: 'Yes. The repository includes local, Docker, and production setup guidance for running the Django backend and React frontend yourself.', + source: 'README and configuration docs', }, ]; @@ -84,6 +92,9 @@ const LandingSecurityFaq: React.FC = () => {

{item.answer}

+

+ Source: {item.source} +

))}