About Passwords
Passwords are alphanumeric strings that an end user can submit along with their email address or username in order to sign up or log into your application.
See also: Password resets
Password Requirements
Userfront enforces password requirements that meet or exceed NIST Password Guidelines.
Passwords must be at least 16 characters long, or at least 8 characters long including a letter and a number.
Passwords cannot exceed 512 characters in length.
Attribute
Status
In test mode only, the following passwords are also allowed:
password
test
dev
Password Handling
Userfront does not store passwords in plain text. Passwords are stored as hashes and are encrypted at rest.
Passwords are not written to system logs.
Userfront uses the Bcrypt hashing function to generate password hashes, with a unique salt for each password.
Userfront limits the rate of password attempts at multiple levels, including per IP address, per user, and at the system-wide level.