PGP Authentication Mandatory — Configure Before August 31
All accounts must have PGP configured by August 31, 2025. Accounts without PGP will be locked pending setup.
Effective August 31, 2025, all accounts on the platform must have a PGP public key configured and PGP-based authentication enabled. Accounts that have not completed this setup by the deadline will be locked until configuration is complete. This security upgrade applies to all user roles including buyers, vendors, and administrators.
Why PGP Authentication
Traditional password authentication has a fundamental weakness: passwords can be phished, brute-forced, or captured via keyloggers. PGP authentication works differently — the server issues a challenge that must be signed with the user's private key. The private key never leaves the user's machine. An attacker who captures the challenge cannot sign it without the key, making credential theft against PGP-authenticated accounts practically infeasible.
Setup Summary
1. Download GPG (gnupg.org) and generate a keypair. 2. Export your public key. 3. Upload to your account Security Settings. 4. Test by completing a PGP login challenge. Full documentation is available in the OPSEC guide. Contact support well before the August 31 deadline if you need assistance.