Security · Web
Securing project memory with Custom Auth and MFA Enforcement
We moved beyond third-party auth to build a deeply integrated security layer with TOTP and organization-wide enforcement.
Why we built custom auth
As vem scales, we needed tighter integration between identity, organizations, and our memory indexing pipeline. Third-party providers often made it difficult to enforce granular seat rules and project-level roles.
Our new auth system, powered by Supabase, allows us to provide a seamless sign-in experience that is fully branded and aware of your organization's security requirements.
Multi-Factor Authentication (MFA) as a standard
Project memory is sensitive. To protect it, we've implemented first-class MFA support using TOTP (Time-based One-Time Passwords).
Users can easily enroll via their profile, generate recovery codes, and manage their trusted devices.
- TOTP enrollment with any standard authenticator app
- Secure recovery code generation and storage
- MFA challenge flows for sensitive operations
Organization-wide enforcement
For teams with high security requirements, admins can now enforce MFA for all members. If enforcement is on, members without a second factor are restricted to read-only access.
This ensures that any contribution to your project's memory layer is backed by a verified, secure identity.
What's next for security
We're continuing to refine our audit logs and session management to give admins even more visibility into how their team's memory is being accessed and updated.