Password Strength

Password Strength

There are several checks allowed by FormLink to ensure passwords can't be guessed. Rate limiting is enabled for all FormLink accounts and cannot be disabled. After 5 invalid login attempts, an account is locked for 30 minutes. Besides rate limiting, optional requirements for passwords include:

• Minimum length: The default minimum password length is 6 characters. When Accounts enable password requirements, they have the ability to raise this minimum. The default for strong passwords is 8 but is configurable to any length.
• Character requirements: When strong passwords are required, a minimum of one of each below character type is required
  • Uppercase letter (A, B, C)
  • Lowercase letter (a, b, c)
  • Number (1, 2, 3)
  • Special Symbol (!, @, $)
• Common Patterns: The following patterns are disallowed from strong passwords:
  • Repeating numbers, letters, or symbols (111, $$$, aaa, AaA)
  • Adjacent numbers or letters (123, abc, 987, zYx)
  • Consecutive keyboard letters (qwerty, zxcv, jkl;)
  • Years (1987, 2015)
• Dictionary Words: This is an optional setting that can be turned on or off for strong passwords. If enabled, words found in the dictionary (containing 4 or more letters) are prohibited. For example: "Baseball257!" would pass the above requirements (assuming minimum length is 8 characters), but fail if this setting is enabled as well.