Protecting your apps with authentication is a critical step in securing your data. Using Caspio’s web user authentication, any form, report or web application may be easily password-protected and Caspio offers rich capabilities to ensure best practices in password management.

The following are password management options in Submission forms, Update forms, and Details DataPages. These options apply to fields that are set to Password data type in the source table. To reach these setting, open your DataPage for editing and in the DataPage wizard navigate to the Configure Fields screen. Select your password field and these options will be available on the right.

Password Strength Visualization

Strong passwords are a security best practice. The strength of a password is a combination of its length, complexity and unpredictability. Enable the checkbox for Show Password Strength in the Password Options section to provide your app users with a visual indication of how strong their chosen password is.

password-strength_1

Password Strength Enforcement

Setting the Password Strength Level lets you enforce the minimum strength of passwords that users select for themselves. Minimum password strength requirements can be enforced on Caspio forms wherever passwords are submitted, updated, or reset. Strengths levels are:

  • Weak: Less than 5 characters
  • Fair: At least 6 characters, including at least 1 number
  • Good: At least 8 characters, including at least 1 number and both lower and upper case letters
  • Strong: At least 12 characters, including at least 1 number, both lower and upper case letters, and at least one 1 special character (e.g. _, #, ?, !)

Enable the Minimum strength required checkbox and select the desired level from the dropdown.

password-strength_2n

Be sure to use the same password strength in other DataPages where users register, update their profile, or reset password via password recovery.

Validating Current Password Prior to Changing

In your authenticated applications you can setup a form to let your users change their password. The best practice is for your users to first enter their existing password before changing it.

This feature is available in update forms and details pages where a password field is editable.

To use this feature, select your password field in the DataPage wizard and enable Require current password validation in the Password Options section. To configure further, you can change the default label and in the Advanced tab, configure Field Options such as hint and placeholder or customize Layout Options.

Note: Use Password Recovery DataPage for app users who have forgotten their password. It provides them with a link to replace their password without having to remember their old password.