Password

If you’re using a password as a login method, it’s important to set the following security settings. Frontegg follows OWASP guidelines, making your application and customer accounts more secure.
Go to Builder > App settings > Password.


Password complexity

Password complexity is a measure of how difficult a password is to guess. The password complexity requirements appear wherever a user creates a password: the sign-up page, the activation page (if email verification is enabled), and the Admin Portal.

  1. Easy - Minimum of 6 characters

  2. Medium - Minimum of 8 characters, and two out of the four tests (uppercase, lowercase, number, special character), and avoid 3 recurring characters.

  3. Hard - Minimum of 8 characters, and four out of the four tests (uppercase, lowercase, number, special character), and avoid 3 recurring characters.
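
The three levels above, written as a checker that returns the unmet requirements for a candidate password. This is an added example, not Frontegg's code; the function and object names are hypothetical, and it assumes "3 recurring characters" means the same character three times in a row and that a "special character" is anything other than an ASCII letter or digit.

```javascript
// Added example, not Frontegg's code. Assumptions are marked below.
const LEVELS = {
  easy: { minLength: 6, testsRequired: 0, blockRepeats: false },
  medium: { minLength: 8, testsRequired: 2, blockRepeats: true },
  hard: { minLength: 8, testsRequired: 4, blockRepeats: true },
};

// The four tests named on the page. Assumption: "special character" means
// anything that is not an ASCII letter or digit.
const TESTS = {
  uppercase: /[A-Z]/,
  lowercase: /[a-z]/,
  number: /[0-9]/,
  special: /[^A-Za-z0-9]/,
};

// Assumption: "3 recurring characters" means one character three times in a row.
const TRIPLE_REPEAT = /(.)\1\1/su;

function checkPassword(password, levelName) {
  const level = LEVELS[levelName];
  if (!level) throw new Error(`unknown complexity level: ${levelName}`);

  const passedTests = Object.keys(TESTS).filter((name) => TESTS[name].test(password));
  const unmet = [];
  // Count code points so an emoji is one character, not two UTF-16 units.
  if (Array.from(password).length < level.minLength) {
    unmet.push(`at least ${level.minLength} characters`);
  }
  if (passedTests.length < level.testsRequired) {
    unmet.push(`${level.testsRequired} of 4 tests (passed: ${passedTests.join(", ") || "none"})`);
  }
  if (level.blockRepeats && TRIPLE_REPEAT.test(password)) {
    unmet.push("no 3 recurring characters");
  }
  return { valid: unmet.length === 0, unmet, passedTests };
}

// Constructed sample inputs, checked against the Medium level.
for (const candidate of ["password", "password1", "passsword1", "Passw0rd!"]) {
  const { valid, unmet } = checkPassword(candidate, "medium");
  console.log(candidate, valid ? "ok" : `rejected: ${unmet.join("; ")}`);
}
```

Note that an eight-character, all-lowercase-plus-digit password such as the constructed `password1` satisfies Medium, which is why the exposed credential detection setting matters alongside the complexity level.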

In the following example, we used a Medium password complexity level. In the process of creating a password, tags appear and guide you to create a valid password.


Password strength meter

Enable this option to show a password strength meter that guides your users toward the strongest password when they create or activate their account, or change their password.


Exposed credential detection

In case of a data breach on a site or app resulting in a password being exposed, you can choose between two actions:

  1. Allow using a breached password and send an email notification to the user
  2. Don't allow using a breached password and show an error message

Password repeat protection

Choose the number of new, unique passwords a user must create before using an old one.

Brute force protection

Choose the number of incorrect login attempts a user can make before they get locked out.

Passwordless

Frontegg currently supports two passwordless authentication strategies:

  1. One-time code (OTC)
  2. Magic link

Go to Builder > App settings > Passwordless. You can set how long magic links or codes should be valid for.