Password Security Features

This article provides information on the password security features available within Polygon Central for both Members and Admin Users.

Password Security Features

In the course of implementing 2FA, several password security features have also been added to Polygon Central.   

These include:  

  • Minimum password length 
  • Password complexity checks 
  • Maximum login retries within a given window before account is temporarily locked out 
  • Token ageing (that is, if a user stays logged in for a given number of days, the system will log them out and they will need to log in again.)

Password strength checks are performed using the zxcvbn library as recommended by the Open Web Application Security Project (OWASP).    

Within this methodology, passwords are classified as a number from 0 to 4 with the following meanings:

  • 0: WEAK
    too guessable: risky password. (Guesses < 10^3)
  • 1: NORMAL
    very guessable: protection from throttled online attacks. (Guesses < 10^6)
  • 2: MEDIUM
    somewhat guessable: protection from unthrottled online attacks. (Guesses < 10^8)
  • 3: STRONG
    safely unguessable: moderate protection from an offline slow-hash scenario. (Guesses < 10^10)
  • 4: VERY STRONG
    very unguessable: strong protection from an offline slow-hash scenario. (Guesses >= 10^10)

To have a specific password strength check applied to Members and/or Admin Users please touch base with your Redcat contact.
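As an added illustration (not Polygon Central's or Redcat's code), the Python below shows how the features listed in this article fit together: the zxcvbn score bands from the scale above, a minimum-length plus minimum-score rule, a sliding-window lockout after too many failed logins, and a token age check. The guess estimate is passed in as the number zxcvbn reports; every numeric threshold (12 characters, score 3, 5 retries in 10 minutes, 30-minute lockout, 30-day token age) is an assumed value, not the product's configured setting.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Score bands from the article: score N when zxcvbn's guess estimate is below
# the N-th upper bound; 10^10 guesses or more scores 4 (VERY STRONG).
GUESS_BANDS = [(10**3, 0), (10**6, 1), (10**8, 2), (10**10, 3)]
LABELS = {0: "WEAK", 1: "NORMAL", 2: "MEDIUM", 3: "STRONG", 4: "VERY STRONG"}

def score_from_guesses(guesses: float) -> int:
    """Map a zxcvbn guess estimate (its result['guesses']) to the 0-4 score."""
    for upper, score in GUESS_BANDS:
        if guesses < upper:
            return score
    return 4

def password_problems(password: str, guesses: float,
                      min_length: int = 12, min_score: int = 3) -> list:
    # Minimum length plus strength check; both thresholds are assumed values.
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    score = score_from_guesses(guesses)
    if score < min_score:
        problems.append("too_weak:" + LABELS[score])
    return problems

@dataclass
class LoginThrottle:
    """Temporary lockout after max_retries failures in a sliding window (assumed values)."""
    max_retries: int = 5
    window: timedelta = timedelta(minutes=10)
    lockout: timedelta = timedelta(minutes=30)
    failures: dict = field(default_factory=dict)      # user -> recent failure times
    locked_until: dict = field(default_factory=dict)  # user -> lockout expiry

    def is_locked(self, user: str, now: datetime) -> bool:
        return now < self.locked_until.get(user, now)
    def record_failure(self, user: str, now: datetime) -> bool:
        """Record a failed login; return True if this failure triggered a lockout."""
        recent = [t for t in self.failures.get(user, []) if now - t < self.window]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.max_retries:
            self.locked_until[user] = now + self.lockout
            self.failures[user] = []  # counter restarts after the lockout
            return True
        return False

def token_expired(issued_at: datetime, now: datetime, max_age_days: int = 30) -> bool:
    """Token ageing: force a fresh login once a session is older than max_age_days (assumed 30)."""
    return now - issued_at >= timedelta(days=max_age_days)
```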


You can find more information on Two Factor Authentication (2FA) for both Members and Admin Users here.