Glossary
June 7, 2023

Passwords: The Most Common Authentication Factor

Passwords are the most common authentication factor for our users. Authentication factors are ways in which users verify their identity to gain access to your application.

In your Auth Dashboard, you can enable and disable different authentication factors in order to customize your login flow. The single-factor authentication factors include:

  • Password
  • Login link email (passwordless)
  • SSO (single sign-on) provider like Google or Facebook
  • Email verification code
  • SMS verification code
  • TOTP authenticator code

Password Requirements

Userfront enforces minimum password requirements to make your application(s) more secure:

  • Passwords must be at least 16 characters long, OR
  • Passwords must be at least 8 characters long and include a letter and a number.
  • Passwords cannot exceed 512 characters in length.

These requirements are in line with National Institute of Standards and Technology (NIST) standards. NIST, which is a part of the U.S. Department of Commerce, is “responsible for developing information security standards and guidelines, including minimum requirements for federal system.”
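The policy above, expressed as a validator you can run against candidate passwords (an added example, not Userfront's own code). It assumes that "characters" are counted as Unicode code points and that "letter" and "number" mean ASCII letters and digits; the constructed sample inputs exercise each branch of the rules.

```javascript
// Added example (not Userfront's code): validator for the password policy
// described above. Assumptions: "characters" are Unicode code points, and
// "letter"/"number" mean ASCII letters and digits.
const MAX_LENGTH = 512;
const LONG_MIN = 16;  // 16+ characters: accepted with no composition rule
const SHORT_MIN = 8;  // 8-15 characters: must contain a letter and a number

function validatePassword(password) {
  const reasons = [];
  if (typeof password !== 'string') {
    return { ok: false, reasons: ['password must be a string'] };
  }
  // Array.from splits on code points, so "é" or an emoji counts as one character.
  const length = Array.from(password).length;

  if (length > MAX_LENGTH) {
    reasons.push(`must not exceed ${MAX_LENGTH} characters (got ${length})`);
  } else if (length >= LONG_MIN) {
    // Long passphrases pass on length alone.
  } else if (length >= SHORT_MIN) {
    if (!/[A-Za-z]/.test(password)) reasons.push('8-15 character passwords must include a letter');
    if (!/[0-9]/.test(password)) reasons.push('8-15 character passwords must include a number');
  } else {
    reasons.push(`must be at least ${SHORT_MIN} characters (got ${length})`);
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample inputs, one per branch of the policy.
const samples = [
  'correct horse battery staple', // 28 chars, no digit: accepted by the 16+ rule
  'hunter2hunter2',               // 14 chars, letter + digit: accepted
  'password',                     // 8 chars, no digit: rejected
  '12345678',                     // 8 chars, no letter: rejected
  'abc1234',                      // 7 chars: too short
  'x'.repeat(513),                // over the 512-character cap
];

for (const s of samples) {
  const { ok, reasons } = validatePassword(s);
  console.log(`${ok ? 'OK    ' : 'REJECT'} ${JSON.stringify(s.slice(0, 30))} ${reasons.join('; ')}`);
}
```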

Password Handling

Userfront does not store passwords in plain text. Passwords are stored as hashes and are encrypted at rest. Passwords are also not written to system logs.

We use the Bcrypt hashing function to generate password hashes, with a unique salt for each password. Additionally, Userfront limits the rate of password attempts at multiple levels, including per IP address, per user, and at the system-wide level.

  • Password hashing function: Bcrypt
  • Password hashing cipher: Blowfish
  • Password salting: Unique per password
  • Key stretching: Included
  • Brute force attack resistance: Active
  • Preimage attack resistance: Active
  • Timing attack resistance: Active
  • Rainbow table attack resistance: Active
  • Log filtering: Active
  • Password hash encryption at rest: Active

Read more about passwords in the Userfront Security Report.
