
Password authentication

Frontegg's password authentication requires users to log in with a username and password, adhering to OWASP security guidelines. These include password complexity rules, such as character length, special characters, and mixed case, designed to strengthen security and protect against brute-force attacks.


Password complexity

Password complexity is a measure of how difficult a password is to guess. The complexity requirements are shown when a user creates a password (to enable users to set a password, make sure the email verification toggle is enabled).

To set the complexity level of passwords allowed in your account, go to [ENVIRONMENT] → Authentication → Password.

  • Easy - Minimum of 6 characters, and avoid 3 recurring characters.

  • Medium - Minimum of 8 characters, four out of the four tests (uppercase, lowercase, number, special character), and avoid 3 recurring characters.

  • Hard - Minimum of 10 characters, four out of the four tests (uppercase, lowercase, number, special character), and avoid 3 recurring characters.
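
The three levels above can be mirrored in a local pre-check, for example to test whether imported or generated passwords would meet the level you select. This is an added example, not Frontegg's code; it assumes "3 recurring characters" means the same character three times in a row and that a "special character" is any non-alphanumeric, non-whitespace character. The function and variable names are hypothetical.

```python
# Tiers as listed on this page: (minimum length, character-class tests required).
LEVELS = {"easy": (6, 0), "medium": (8, 4), "hard": (10, 4)}

# The four tests named on the page. Assumption: "special character" means
# any character that is not a letter, digit, or whitespace.
CLASS_TESTS = {
    "uppercase": str.isupper,
    "lowercase": str.islower,
    "number": str.isdigit,
    "special character": lambda c: not c.isalnum() and not c.isspace(),
}


def has_recurring_run(password, run=3):
    """Assumption: '3 recurring characters' = same character `run` times in a row."""
    streak = 1
    for prev, cur in zip(password, password[1:]):
        streak = streak + 1 if cur == prev else 1
        if streak >= run:
            return True
    return False


def check_password(password, level):
    """Return the list of unmet rules for `level`; an empty list means it passes."""
    min_len, required_classes = LEVELS[level]
    failures = []
    if len(password) < min_len:
        failures.append(f"minimum of {min_len} characters")
    if has_recurring_run(password):
        failures.append("avoid 3 recurring characters")
    missing = [n for n, t in CLASS_TESTS.items() if not any(t(c) for c in password)]
    if len(CLASS_TESTS) - len(missing) < required_classes:
        failures.extend(f"missing {n}" for n in missing)
    return failures


# Constructed sample passwords, not real credentials.
SAMPLES = ["abcdef", "aaabcd", "Abcdef1!", "Abcdefgh1!", "Abcdefgh12"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw, {lvl: check_password(pw, lvl) for lvl in LEVELS})
```
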



Password strength meter

Enable this option to guide your users to choose the strongest password with the password meter when they create, activate, or change passwords for their accounts. To activate it, go to your Builder → Login Box → Email sign on → Edit.



Password repeat protection

Choose the number of new, unique passwords a user must create before they can re-use a previously used one.


Email verification

Enable this option to ensure your customers are registered with a valid email address. When email verification is enabled, new users will receive an activation email upon sign-up, prompting them to set a password. When this functionality is disabled, users are prompted to create a password directly on the sign-up page. Additionally, passwordless login methods that rely on a user's email will automatically verify the user upon successful login.
