This article provides information on the password security features available within Polygon Central for both Members and Admin Users.
Password Security Features
In the course of implementing 2FA, several password security features have also been added to Polygon Central.
These include:
- Minimum password length
- Password complexity checks
- Maximum login retries within a given window before account is temporarily locked out
- Token ageing (that is, if a user stays logged in for a given number of days, the system will log them out and they will need to login again.)
Password strength checks are performed using the zxcvbn library as recommended by the Open Web Application Security Project (OWASP).
Within this methodology, passwords are classified as a number from 0 to 4 with the following meaning:-
- 0: WEAK:
too guessable: risky password. (Guesses < 10^3) - 1: NORMAL
very guessable: protection from throttled online attacks. (Guesses < 10^6) - 2: MEDIUM
somewhat guessable: protection from un-throttled online attacks. (Guesses < 10^8) - 3: STRONG
safely un-guessable: moderate protection from offline slow-hash scenario. (Guesses < 10^10) - 4: VERY STRONG
very un-guessable: strong protection from offline slow-hash scenario. (Guesses >= 10^10)
To have a specific password strength check applied to Members and/or Admin Users please touch base with your Redcat contact.
You can find more information on Two Factor Authentication (2FA) for both Members and Admin Users here.