Passwords are the most common authentication factor for our users. Authentication factors are ways in which users verify their identity to gain access to your application.
In your Auth Dashboard, you can enable and disable different authentication factors in order to customize your login flow. The single-factor authentication factors include:
Userfront enforces minimum password requirements to make your application(s) more secure:
These requirements are in line with National Institute of Technology (NIST) standards. NIST, which is a part of the U.S. Department of Commerce, is “responsible for developing information security standards and guidelines, including minimum requirements for federal system.”
Userfront does not store passwords in plain text. Passwords are stored as hashes and are encrypted at rest. Passwords are also not written to system logs.
We use the Bcrypt hashing function to generate password hashes, with a unique salt for each password. Additionally, Userfront limits the rate of password attempts at multiple levels, including per IP address, per user, and at the system-wide level.
Read more about passwords in the Userfront Security Report.