Passwords

Available on the following plans

Free, Basic, Premium, Ultimate, Enterprise

About Passwords

Passwords are alphanumeric strings that an end user can submit along with their email address or username in order to sign up or log into your application.

See also: Password resets

Password sign up form

Password Requirements

Userfront enforces password requirements that meet or exceed NIST Password Guidelines.

Passwords must be at least 16 characters long, or at least 8 characters long including a letter and a number.

Passwords cannot exceed 512 characters in length.

| Attribute | Status |
| --- | --- |
| Minimum password length if letter and number are included | 8 characters |
| Minimum password length without character requirements | 16 characters |
| Maximum password length | 512 characters |

In test mode only, the following passwords are also allowed:

  • password
  • test
  • dev
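
The length and character rules above, written as a client-side pre-check. This is an added example, not Userfront's code, and the server's decision remains authoritative. It assumes "letter" and "number" mean ASCII letters and digits and that length is counted in Unicode code points; `checkPassword` and its reason strings are hypothetical names.

```javascript
// Added example: pre-check of the documented password rules.
// Assumptions (not from the Userfront docs): "letter" = ASCII A-Z/a-z,
// "number" = ASCII 0-9, length is counted in Unicode code points.
const MIN_WITH_LETTER_AND_NUMBER = 8;
const MIN_WITHOUT_REQUIREMENTS = 16;
const MAX_LENGTH = 512;
const TEST_MODE_PASSWORDS = new Set(["password", "test", "dev"]);

function checkPassword(password, { testMode = false } = {}) {
  if (typeof password !== "string") {
    return { ok: false, reason: "not_a_string" };
  }
  // Spread iterates by code point, so an emoji counts once, not twice
  // as it would with password.length (UTF-16 code units).
  const length = [...password].length;

  // Documented test-mode exceptions; never honoured in live mode.
  if (testMode && TEST_MODE_PASSWORDS.has(password)) {
    return { ok: true, reason: "test_mode_exception" };
  }
  if (length > MAX_LENGTH) {
    return { ok: false, reason: "too_long" };
  }
  if (length >= MIN_WITHOUT_REQUIREMENTS) {
    return { ok: true, reason: "long_enough" };
  }
  if (length < MIN_WITH_LETTER_AND_NUMBER) {
    return { ok: false, reason: "too_short" };
  }
  const hasLetter = /[A-Za-z]/.test(password);
  const hasNumber = /[0-9]/.test(password);
  if (hasLetter && hasNumber) {
    return { ok: true, reason: "letter_and_number" };
  }
  return { ok: false, reason: "needs_letter_and_number_or_16_chars" };
}

// Constructed sample inputs.
const samples = ["abc12345", "abcdefgh", "correct horse battery", "test"];
for (const s of samples) {
  console.log(JSON.stringify(s), checkPassword(s));
}
```

Keeping `testMode` off by default means the three test passwords are rejected unless the caller explicitly opts in.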

Password Handling

Userfront does not store passwords in plain text. Passwords are stored as hashes and are encrypted at rest.

Passwords are not written to system logs.

Userfront uses the Bcrypt hashing function to generate password hashes, with a unique salt for each password.

Userfront limits the rate of password attempts at multiple levels, including per IP address, per user, and at the system-wide level.

| Attribute | Status |
| --- | --- |
| Password hashing function | Bcrypt |
| Password hashing cipher | Blowfish |
| Password salting | Unique per password |
| Key stretching | Included |
| Brute force attack resistance | Yes |
| Preimage attack resistance | Yes |
| Timing attack resistance | Yes |
| Rainbow table attack resistance | Yes |
| Log filtering | Yes |
| Password hash encryption at rest | Yes |