A password policy is a set of rules that a business defines to improve the security of its applications and data. It typically encourages or requires users to create strong, safer passwords, maintaining a baseline defense against attackers.
A strong password policy outlines how passwords should be created and stored, and how often they should be updated. Many default password policies, for instance, require a minimum length of eight characters and some combination of special characters.
LoginRadius Password Policy offers the first line of defense in protecting business and consumer data. From setting complexity requirements to preventing users from choosing previously used passwords, the recently launched feature provides a plethora of robust password management opportunities.
Using the Password Policy feature by LoginRadius, businesses can collectively make their application and consumer accounts more secure by combating password-related attacks and frauds. Some of the major benefits include:
- Businesses can ensure, through password hashing and salting, that a consumer's actual password value is never stored in their database.
- Businesses can implement common password prevention policies to protect against dictionary attacks.
- Businesses can introduce complexity to passwords like the use of mandatory alphanumeric and special characters, and a minimum password length policy.
- Businesses can restrict consumers from using their email, name, DOB, etc., in account passwords.
- Businesses can enforce auto-expiry of passwords and then restrict consumers from reusing a previous password.
- Password Hashing: One-way hashing ensures maximum security and compliance by preventing anyone who has access to the data from viewing the password. The stored value can only be compared against a candidate password; it cannot be decrypted back to the original.
LoginRadius supports the following one-way hashing algorithms:
Businesses can update the applied password hashing algorithm at any time without requiring a password reset. Similarly, LoginRadius also supports migration from weak algorithms to the strong hashing algorithms mentioned above.
- Password Salting: This feature adds a layer of security to the hashing process, specifically against brute-force attacks. LoginRadius supports two approaches to password salting:
  - Peppered: A system-wide salt applied as a prefix or suffix across all passwords.
  - Bring Your Own Key (BYOK): A unique salt used per password, making it more secure than the peppered approach.
- Password Compliance Check: Businesses can identify whether consumers are complying with their configured password complexity. They can also generate reports on those who do not follow the newly set rules and take action accordingly to ensure security and compliance.
- Data Encryption: LoginRadius offers encryption at rest and in transit. Communication uses the TLS 1.2 protocol; all lower versions of the SSL protocols are disabled.
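The hashing and salting items above describe three properties a password store should have: only a one-way digest is kept, each digest is salted (system-wide pepper and/or a unique per-password salt), and the algorithm can be changed without forcing a reset. The following example is added here to show how those properties fit together in code; it is not LoginRadius code and makes no claim about how the product implements them. The pepper value, the algorithm labels (`pbkdf2-sha256-v1`/`v2`) and the `PasswordRecord` layout are constructed for the example. The "no reset needed" part is done the usual way: the record carries its algorithm label, and a successful login under an outdated label re-hashes the password under the current one.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple

# System-wide secret pepper (constructed for this example). In production it is
# loaded from a secrets manager or HSM, never stored beside the hashes, so a
# database dump alone is not enough to start guessing passwords offline.
PEPPER = bytes.fromhex(
    "9f0c3e6f1d0a4b7a8c2d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b"
)

# Versioned KDF parameters (labels are constructed). Keeping the label in each
# record lets old hashes be recognised and upgraded later.
ALGORITHMS: Dict[str, Tuple[str, int]] = {
    "pbkdf2-sha256-v1": ("sha256", 100_000),   # older, weaker setting
    "pbkdf2-sha256-v2": ("sha256", 600_000),   # current setting
}
CURRENT_ALGORITHM = "pbkdf2-sha256-v2"


@dataclass
class PasswordRecord:
    algorithm: str    # which entry of ALGORITHMS produced the digest
    salt: bytes       # unique per password (the "BYOK"-style salt)
    digest: bytes     # one-way output; the password itself is never stored


def _derive(password: str, salt: bytes, algorithm: str) -> bytes:
    """Pepper the password with a keyed HMAC, then run the salted slow KDF."""
    hash_name, iterations = ALGORITHMS[algorithm]
    peppered = hmac.new(PEPPER, password.encode("utf-8"), "sha256").digest()
    return hashlib.pbkdf2_hmac(hash_name, peppered, salt, iterations)


def hash_password(password: str, algorithm: str = CURRENT_ALGORITHM) -> PasswordRecord:
    """Create a record with a fresh random salt; two hashes of the same
    password therefore never look alike in the database."""
    salt = secrets.token_bytes(16)
    return PasswordRecord(algorithm, salt, _derive(password, salt, algorithm))


def verify_password(password: str, record: PasswordRecord) -> Tuple[bool, PasswordRecord]:
    """Return (matched, record_to_store).

    The comparison is constant-time. If the password matches but the record
    was produced under an outdated algorithm, the returned record is freshly
    hashed under CURRENT_ALGORITHM, so the caller can replace the stored row
    without asking the user to reset anything."""
    candidate = _derive(password, record.salt, record.algorithm)
    if not hmac.compare_digest(candidate, record.digest):
        return False, record
    if record.algorithm != CURRENT_ALGORITHM:
        return True, hash_password(password)
    return True, record


if __name__ == "__main__":
    legacy = hash_password("correct horse battery staple", "pbkdf2-sha256-v1")
    ok, upgraded = verify_password("correct horse battery staple", legacy)
    print(ok, legacy.algorithm, "->", upgraded.algorithm)
```

The upgrade path only fires on a successful login, because that is the only moment the server sees the plaintext; accounts that never log in keep the legacy hash, which is why a migration report of records still carrying an old label is worth keeping an eye on.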
The Password Policy feature also offers the following consumer-centric features:
- Password Complexity: Businesses can make sure consumers follow the complexity rules while creating or updating their account password. For example, they can set a minimum or maximum password length with mandatory alphanumeric and special character(s).
- Common Password Protection: Businesses can restrict consumers from setting a common password for their accounts.
- Profile Password Prevention: Businesses can restrict consumers from using their profile data (such as email, name or date of birth) as the password for their account.
- Password Expiration: Businesses can set an auto-expiry age to force consumers to change their passwords after a configured duration.
- Password History: Businesses can configure how many unique passwords a consumer must set for their account before reusing an old password. For example, they can restrict consumers from using their three recent account passwords.
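The five consumer-centric checks above (complexity, common-password denial, profile-data denial, expiry and history) are easiest to reason about as one validator that returns every rule a candidate password breaks, so the user can be told all of them at once. The example below is added for that purpose; it is not LoginRadius code, and the `PasswordPolicy`/`ConsumerProfile` names, the tiny common-password list and the history depth of three are constructed for the illustration. History entries are kept as salted one-way digests, never as plaintext, and compared in constant time.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import FrozenSet, List, Optional, Tuple


@dataclass
class PasswordPolicy:
    """Policy settings (names constructed for this example, not a product API)."""
    min_length: int = 8
    max_length: int = 64
    require_alphanumeric: bool = True     # at least one letter and one digit
    require_special: bool = True          # at least one non-alphanumeric character
    # A real deployment uses a large breached/common-password list; this is a stub.
    common_passwords: FrozenSet[str] = frozenset(
        {"password", "password1", "qwerty123", "12345678", "letmein!"}
    )
    max_age_days: int = 90                # auto-expiry age
    history_depth: int = 3                # most recent passwords that may not be reused


@dataclass
class ConsumerProfile:
    email: str
    first_name: str
    last_name: str
    dob: date
    password_set_on: date
    # (salt, digest) of previous passwords, newest first. Plaintext is never kept.
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)


def history_digest(password: str, salt: bytes) -> bytes:
    """Salted one-way digest used to record and compare history entries."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def _profile_tokens(profile: ConsumerProfile):
    """Pieces of profile data a password must not contain (case-insensitive)."""
    yield profile.email
    yield profile.email.split("@")[0]
    yield profile.first_name
    yield profile.last_name
    yield profile.dob.strftime("%Y%m%d")
    yield profile.dob.strftime("%d%m%Y")
    yield str(profile.dob.year)


def check_password(candidate: str, profile: ConsumerProfile, policy: PasswordPolicy) -> List[str]:
    """Return the names of every rule the candidate violates; [] means accepted."""
    violations: List[str] = []
    if not policy.min_length <= len(candidate) <= policy.max_length:
        violations.append("length")
    if policy.require_alphanumeric and not (
        re.search(r"[A-Za-z]", candidate) and re.search(r"\d", candidate)
    ):
        violations.append("alphanumeric")
    if policy.require_special and not re.search(r"[^A-Za-z0-9]", candidate):
        violations.append("special")
    lowered = candidate.lower()
    if lowered in policy.common_passwords:
        violations.append("common")
    if any(len(tok) >= 3 and tok.lower() in lowered for tok in _profile_tokens(profile)):
        violations.append("profile")
    # Only the newest `history_depth` entries block reuse, matching the
    # "three most recent passwords" example in the text.
    for salt, digest in profile.history[: policy.history_depth]:
        if hmac.compare_digest(history_digest(candidate, salt), digest):
            violations.append("history")
            break
    return violations


def password_expired(profile: ConsumerProfile, policy: PasswordPolicy,
                     today: Optional[date] = None) -> bool:
    """True once the current password is older than the configured max age."""
    today = today or date.today()
    return today - profile.password_set_on > timedelta(days=policy.max_age_days)
```

Returning the full list of violations rather than stopping at the first one is what makes the compliance reporting described earlier possible: the same function can be run over stored metadata (length, age) to flag accounts that pre-date a tightened policy.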
We can’t emphasize enough the importance of using a strong password. Implementing our comprehensive Password Policy can secure both your organization's and consumers' assets. With LoginRadius, you will always be a step ahead and mitigate the risks associated with passwords.