From a2136e565cdcf2c838ab3388ace449a7ff2b2583 Mon Sep 17 00:00:00 2001
From: Saurabh Kumar Bajpai <157192462+saurabhhhcodes@users.noreply.github.com>
Date: Sun, 31 May 2026 01:42:37 +0530
Subject: [PATCH 1/2] feat: add security FAQ to landing page
---
.../src/components/LandingSecurityFaq.tsx | 95 +++++++++++++++
frontend/src/pages/HomePage.tsx | 114 +++++++++---------
frontend/src/pages/LandingPage.tsx | 2 +
3 files changed, 156 insertions(+), 55 deletions(-)
create mode 100644 frontend/src/components/LandingSecurityFaq.tsx
diff --git a/frontend/src/components/LandingSecurityFaq.tsx b/frontend/src/components/LandingSecurityFaq.tsx
new file mode 100644
index 0000000..eb4ab09
--- /dev/null
+++ b/frontend/src/components/LandingSecurityFaq.tsx
@@ -0,0 +1,95 @@
+import React from 'react';
+import { Link } from 'react-router-dom';
+import { HelpCircle, ShieldCheck } from 'lucide-react';
+
+type FaqItem = {
+ question: string;
+ answer: string;
+};
+
+const FAQ_ITEMS: FaqItem[] = [
+ {
+ question: 'What does zero-knowledge mean in AccountSafe?',
+ answer:
+ 'Sensitive vault data is encrypted in your browser before it is sent anywhere. The server stores encrypted vault data, not readable credentials.',
+ },
+ {
+ question: 'Does my master password leave my device?',
+ answer:
+ 'No. The browser derives authentication and encryption material locally, then sends only the derived authentication hash needed for verification.',
+ },
+ {
+ question: 'What encryption protects vault data?',
+ answer:
+ 'Vault data uses AES-256-GCM authenticated encryption with Argon2id key derivation, matching the project security documentation.',
+ },
+ {
+ question: 'Can I export or restore my vault?',
+ answer:
+ 'Yes. AccountSafe supports encrypted zero-knowledge export and import flows, so backups stay decryptable only by the account holder.',
+ },
+ {
+ question: 'What is duress mode?',
+ answer:
+ 'Duress mode lets a separate password open a decoy vault while keeping the real vault protected, which is useful for coercion-resistant access.',
+ },
+ {
+ question: 'How does shared-secret access work?',
+ answer:
+ 'Shared secrets are protected with a passphrase and expiry controls so temporary access can be granted without exposing the entire vault.',
+ },
+ {
+ question: 'Can I self-host AccountSafe?',
+ answer:
+ 'Yes. The repository includes local, Docker, and production setup guidance for running the Django backend and React frontend yourself.',
+ },
+];
+
+const LandingSecurityFaq: React.FC = () => {
+ return (
+
+
+
+
+
+
+ Security FAQ
+
+
+ Practical answers before you trust a vault
+
+
+ Short, implementation-backed answers about how AccountSafe protects credentials without marketing claims or fabricated social proof.
+
- Protected by AES-256-GCM authenticated encryption with Argon2id key derivation. Our zero-knowledge architecture ensures your data is encrypted securely at rest
-
-
-
-
- Log in to your vault
-
-
- Create free account
-
-
-
- {/* Trust indicators */}
-
-
-
- Zero-Knowledge Architecture
-
-
-
- Industry-Standard Encryption at Rest
-
-
-
- Secure Credential Management
+
+
+ Welcome to AccountSafe
+
+
+ Protected by AES-256-GCM authenticated encryption with Argon2id key derivation. Our zero-knowledge architecture ensures your data is encrypted securely at rest
+
+
+
+
+ Log in to your vault
+
+
+ Create free account
+
);
};
From 358e951340df6a306f04a799b05facbdfbd0276c Mon Sep 17 00:00:00 2001
From: Saurabh Kumar Bajpai <157192462+saurabhhhcodes@users.noreply.github.com>
Date: Sun, 31 May 2026 14:23:20 +0530
Subject: [PATCH 2/2] docs: cite landing FAQ sources
---
frontend/src/components/LandingSecurityFaq.tsx | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/frontend/src/components/LandingSecurityFaq.tsx b/frontend/src/components/LandingSecurityFaq.tsx
index eb4ab09..c401250 100644
--- a/frontend/src/components/LandingSecurityFaq.tsx
+++ b/frontend/src/components/LandingSecurityFaq.tsx
@@ -5,43 +5,51 @@ import { HelpCircle, ShieldCheck } from 'lucide-react';
type FaqItem = {
question: string;
answer: string;
+ source: string;
};
const FAQ_ITEMS: FaqItem[] = [
{
question: 'What does zero-knowledge mean in AccountSafe?',
answer:
- 'Sensitive vault data is encrypted in your browser before it is sent anywhere. The server stores encrypted vault data, not readable credentials.',
+ 'Sensitive vault data is encrypted in the browser before it is sent anywhere. The server stores encrypted vault data, not readable credentials.',
+ source: 'README and SECURITY.md',
},
{
question: 'Does my master password leave my device?',
answer:
'No. The browser derives authentication and encryption material locally, then sends only the derived authentication hash needed for verification.',
+ source: 'SECURITY.md security model',
},
{
question: 'What encryption protects vault data?',
answer:
'Vault data uses AES-256-GCM authenticated encryption with Argon2id key derivation, matching the project security documentation.',
+ source: 'README feature list',
},
{
question: 'Can I export or restore my vault?',
answer:
'Yes. AccountSafe supports encrypted zero-knowledge export and import flows, so backups stay decryptable only by the account holder.',
+ source: 'README and disaster recovery docs',
},
{
question: 'What is duress mode?',
answer:
'Duress mode lets a separate password open a decoy vault while keeping the real vault protected, which is useful for coercion-resistant access.',
+ source: 'README active defense section',
},
{
question: 'How does shared-secret access work?',
answer:
'Shared secrets are protected with a passphrase and expiry controls so temporary access can be granted without exposing the entire vault.',
+ source: 'README and API docs',
},
{
question: 'Can I self-host AccountSafe?',
answer:
'Yes. The repository includes local, Docker, and production setup guidance for running the Django backend and React frontend yourself.',
+ source: 'README and configuration docs',
},
];
@@ -84,6 +92,9 @@ const LandingSecurityFaq: React.FC = () => {