Passwords

If you’re using a password as a login method, it’s important to set the following security settings. Frontegg follows the OWASP (Open Web Application Security Project) guidelines, making your application and customer accounts more secure.

To set the complexity level of passwords allowed in your account, go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Authentication ➜ Passwords.

Password complexity

Password complexity is a measure of how difficult a password is to guess. The configured complexity requirements are shown wherever a user creates a password (the sign-up page, the activation page if email verification is enabled, and the Admin Portal).

  1. Easy - Minimum of 6 characters.

  2. Medium - Minimum of 8 characters, two out of the four tests (uppercase, lowercase, number, special character), and no 3 recurring characters.

  3. Hard - Minimum of 8 characters, four out of the four tests (uppercase, lowercase, number, special character), and no 3 recurring characters.

In the following example, we used the Medium password complexity level. While the user types a password, tags appear and guide them toward a valid one.
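To make the three levels concrete, here is a small validator that applies the rules listed above. It is an added example, not Frontegg's own code; the level names, the function names, and the reading of "3 recurring characters" as the same character three times in a row are assumptions.

```python
import re

# Hypothetical validator for the Easy / Medium / Hard levels described above
# (not Frontegg's implementation). "3 recurring characters" is interpreted here
# as any character repeated three or more times consecutively, e.g. "aaa".

# The four character-class tests a password can pass.
CLASS_TESTS = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "number": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

# level -> (minimum length, character-class tests required, forbid recurring chars)
LEVELS = {
    "easy": (6, 0, False),
    "medium": (8, 2, True),
    "hard": (8, 4, True),
}

# Matches the same character three times in a row.
RECURRING = re.compile(r"(.)\1\1")


def check_password(password: str, level: str) -> list:
    """Return the unmet requirements for `level`; an empty list means valid."""
    min_len, required_classes, forbid_recurring = LEVELS[level]
    failures = []
    if len(password) < min_len:
        failures.append(f"at least {min_len} characters")
    passed = sum(1 for test in CLASS_TESTS.values() if test.search(password))
    if passed < required_classes:
        failures.append(f"{required_classes} of 4 character classes (has {passed})")
    if forbid_recurring and RECURRING.search(password):
        failures.append("no character repeated 3 times in a row")
    return failures


def is_valid(password: str, level: str) -> bool:
    """True when the password meets every requirement of the given level."""
    return not check_password(password, level)


if __name__ == "__main__":
    for pw in ("abcdef", "abcdefg1", "aaabcdef1", "Abcdef1!"):
        print(pw, {lvl: is_valid(pw, lvl) for lvl in LEVELS})
```

The list returned by `check_password` is the kind of feedback the guiding tags show the user while they type.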

Password strength meter

Enable this option to guide your users toward the strongest password with the password meter when they create their account, activate it, or change their password. To activate it, go to Builder ➜ Login box ➜ Email sign on ➜ Edit symbol.

Password repeat protection

Choose the number of new, unique passwords a user must set before they can reuse an old one.

Email verification

Enable this option to ensure that your customers register with valid email addresses. When email verification is enabled, new users receive an activation email upon sign-up, prompting them to set a password. When it is disabled, users are prompted to create a password directly on the sign-up page. Additionally, passwordless login methods that rely on email automatically verify the user upon successful login.