If you’re using a password as a login method, it’s important to set the following security settings. Frontegg follows the OWASP (Open Web Application Security Project) guidelines, making your application and customer accounts more secure.
To set the complexity level of passwords allowed in your account, go to Builder > App settings > Password
Password complexity is a measure of how difficult a password is to guess. The password complexity will appear when a user creates a password (sign-up page, activation page - if email verification in enabled, Admin Portal)
Easy - Minimum of 6 characters
Medium - Minimum of 8 characters, and two out of the four tests (uppercase, lower case, number, special character), and avoid 3 recurring characters.
Hard -Minimum of 8 characters, and four out of the four tests (uppercase, lower case, number, special character), and avoid 3 recurring characters.
In the following example, we used a Medium password complexity level. In the process of creating a password, tags appear and guide you to create a valid password
Enable this option to guide your users to choose the strongest password with the password meter when they create, activate their account, or change their passwords.
In case of a data breach on a site or app resulting in a password being exposed, you can choose between two actions
- Allow using a breached password and send an email notification to the user
- Don't allow using a breached password and show an error message
Choose the number of new, unique passwords a user must create before using an old one
Choose the number of incorrect login attempts a user can make before they get locked out
Updated 22 days ago