Passwords
Password Authentication
Password authentication in Frontegg requires users to enter a username and password combination to access their accounts. This traditional method is widely used across various platforms. If you opt for a password-based user login, you will need to comply with Frontegg's security settings, which include Password Complexityand Password repeat protection. These settings are part of the OWASP (Open Web Application Security Project) guidelines, devised to make your application and customer accounts more secure.
Password complexity refers to using specific rules or requirements to create strong passwords that are difficult for unauthorized users to guess or crack. These rules typically include a combination of character length, special characters, non-recurring figures, and a mix of upper and lowercase letters. The primary benefit of password complexity is that it increases the difficulty and time required for cybercriminals to breach accounts through brute-force attacks, thereby enhancing the security of sensitive data.
To set the complexity level of passwords allowed in your account, go to Environment ➜ Authentication ➜ Passwords.
Password complexity
Password complexity is a measure of how difficult a password is to guess. The password complexity will appear when a user creates a password (to enable users to set a password, make sure the email verification toggle is enabled).
-
Easy - Minimum of 6 characters, and avoid 3 recurring characters.
-
Medium - Minimum of 8 characters, and four out of the four tests (uppercase, lower case, number, special character), and avoid 3 recurring characters.
-
Hard -Minimum of 10 characters, and four out of the four tests (uppercase, lower case, number, special character), and avoid 3 recurring characters.
Password strength meter
Enable this option to guide your users to choose the strongest password with the password meter when they create, activate, or change passwords for their accounts. To activate it, go to your Builder ➜ Login Box ➜ Email sign on ➜ Edit.
Password repeat protection
Choose the number of new, unique passwords a user must create before they can re-use a previously used one.
Email verification
Enable this option to ensure your customers are registered with a valid email addresses. When email verification is enabled, new users will receive an activation email upon sign-up, prompting them to set a password. When this functionality is disabled, users are prompted to create a password directly on the sign-up page. Additionally, passwordless login methods that rely on a user's email will automatically verify the user upon successful login.
Updated 16 days ago