Password
Password
If you’re using a password as a login method, it’s important to set the following security settings. Frontegg follow OWASP guidelines, making your application and customer accounts more secure.
Go to Builder > App settings > Password

Password complexity
Password complexity is a measure of how difficult a password is to guess. The password complexity will appear when a user creates a password (sign-up page, activation page - if email verification in enabled, Admin Portal)
-
Easy - Minimum of 6 characters
-
Medium - Minimum of 8 characters, and two out of the four tests (uppercase, lower case, number, special character), and avoid 3 recurring characters.
-
Hard -Minimum of 8 characters, and four out of the four tests (uppercase, lower case, number, special character), and avoid 3 recurring characters.
In the following example, we used a Medium password complexity level. In the process of creating a password, tags appear and guide you to create a valid password

Password strength meter
Enable this option to guide your users to choose the strongest password with the password meter when they create, activate their account, or change their passwords.

Exposed credential detection
In case of a data breach on a site or app resulting in a password being exposed, you can choose between two actions
- Allow using a breached password and send an email notification to the user
- Don't allow using a breached password and show an error message
Password repeat protection
Choose the number of new, unique passwords a user must create before using an old one
Brute force protection
Choose the number of incorrect login attempts a user can make before they get locked out
Passwordless
Frontegg currently supports two passwordless authentication strategies:
- One-time code (OTC)
- Magic link
Go to Builder > App settings > Passwordless. You can set how long magic links or codes should be valid for
Updated 9 months ago