Password Policy
Overview
As an identity platform, LoginRadius provides several controls that protect each stored identity. The password controls described here (Password Expiration, Password History, Password Complexity, Password Strength and the Password Hashing Algorithm) should all be configured and enforced to secure user accounts.
LoginRadius can improve the security of your end users with the following Password Security Features:
Password Expiration
Your LoginRadius account can be configured to periodically request an updated password from your customers. This feature allows you to customize how often you want your customers to reset their passwords by triggering a password update request upon login after the configured time period has elapsed.
Password History
This feature allows you to configure the number of previous hashed passwords stored by LoginRadius. This mitigates the risk of password recycling by forcing customers to use a unique password not already contained in their Password History.
Password Complexity
You can configure the complexity requirements of your customers' passwords by defining a Validation String in the Admin Console, which supports both regular expressions and pre-defined keywords.
Password Compliance Check
To identify users who comply with newly configured password complexity requirements, this feature will set a flag on the customer's profile, which can then be used to segment users via either the Admin Console or Cloud API. Contact our Support team to enable Password Compliance Check.
One-Way Hashing
The hashing scheme is customizable and can be upgraded to a stronger algorithm at any time; upgrading does not require users to reset their passwords. Because the hash is one-way, a stored value can only be compared against a candidate password. It cannot be decrypted or otherwise reversed to recover the password.
See this document for further information on supported hashing algorithms.
Unique Hashing Salt for Each Password
Alongside the choice of hashing algorithm, LoginRadius lets you apply a random salt to each password. Two users with the same password then have different stored hashes, and a precomputed-hash (rainbow-table) attack cannot be reused across accounts.
See this document for further information on hashing algorithms and salting.
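The following added example (not LoginRadius code, and not a description of how LoginRadius implements this internally) shows the two properties the sections above rely on: a fresh random salt for every password so identical passwords never share a stored hash, and an algorithm upgrade that rehashes on the next successful verification instead of forcing a reset. The scheme names, PBKDF2 parameters and record layout are assumptions made for illustration.

```python
"""Per-password random salt, constant-time verification and in-place
scheme upgrade without a password reset.

Added example, not LoginRadius code. Scheme names, iteration counts and
the record layout are assumptions for illustration.
"""
import hashlib
import hmac
import os

# Each record carries the id of the scheme it was hashed with, so the
# verifier can recompute the hash with the right parameters. Iteration
# counts are kept low to keep the example fast.
SCHEMES = {
    "pbkdf2-sha1-50k": ("sha1", 50_000),       # assumed legacy setting
    "pbkdf2-sha256-200k": ("sha256", 200_000),  # assumed current target
}
CURRENT_SCHEME = "pbkdf2-sha256-200k"


def make_record(password: str, scheme: str = CURRENT_SCHEME) -> dict:
    """Hash a password under the given scheme with a fresh 16-byte salt."""
    digest_name, rounds = SCHEMES[scheme]
    salt = os.urandom(16)  # unique per password, stored alongside the hash
    digest = hashlib.pbkdf2_hmac(digest_name, password.encode(), salt, rounds)
    return {"scheme": scheme, "salt": salt, "hash": digest}


def verify_and_upgrade(password: str, record: dict):
    """Return (ok, record).

    On a correct password under a stale scheme the record is rehashed under
    CURRENT_SCHEME using the plaintext the user just presented, so the
    upgrade is invisible to them. The old hash is never "converted": a
    one-way hash can only be recomputed from the plaintext, not reversed.
    """
    digest_name, rounds = SCHEMES[record["scheme"]]
    candidate = hashlib.pbkdf2_hmac(digest_name, password.encode(),
                                    record["salt"], rounds)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record
    if record["scheme"] != CURRENT_SCHEME:
        record = make_record(password)  # new scheme and a new salt
    return True, record


if __name__ == "__main__":
    legacy = make_record("correct horse battery staple", "pbkdf2-sha1-50k")
    ok, upgraded = verify_and_upgrade("correct horse battery staple", legacy)
    print("login ok:", ok, "| scheme now:", upgraded["scheme"])
    a = make_record("same-password")
    b = make_record("same-password")
    print("same password, different hashes:", a["hash"] != b["hash"])
```

The upgrade can only happen when the plaintext is present, i.e. at login or password change; accounts that never log in again keep the legacy hash, which is the caveat to plan for when an algorithm change is rolled out.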
Configuration
This section covers key configurations in the LoginRadius Admin Console, including password expiration, password history, and password complexity. Additionally, details on default password policies, password compliance checks, and password visibility settings are provided.
- Password Expiration
- Password History
- Password Complexity
Password Expiration forces users to update their passwords after a defined period, limiting how long a leaked or guessed password stays usable.
Configuration Steps:
- Navigate to Admin Console > Security > Password Policy > Password Expiration.
- Set the expiration period and select the time unit (Day/Month/Year). Users are prompted to reset their password at their next login after the period has elapsed.
- Click Save to enforce password expiration.
Password History prevents users from reusing previous passwords.
Configuration Steps:
- Navigate to the Password History section.
- Enable Password History.
- Set the number of previous passwords that users cannot reuse.
- Click Save to apply the policy.
Password Complexity enforces strong passwords by defining validation rules and rejecting weak or commonly used passwords.
Configuration Steps:
- Navigate to the Password Complexity section of Admin Console > Security > Password Policy.
- Enable the password validation settings you need, such as:
  - Enforcing password length and complexity (the Validation String).
  - Preventing the use of common passwords.
  - Restricting dictionary words and profile-related data (such as the user's name or e-mail address) as passwords.
- Click Save to apply the settings.
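The following added example (not LoginRadius code) evaluates a candidate password against the policy configured in the steps above and described under Password Complexity: a regex-style validation rule, a common-password blocklist, dictionary words, profile-related data, the last N hashed passwords, and the maximum password age. The rule names, the regex form of the Validation String, the profile fields and all word lists and sample data are constructed assumptions; the numeric values are the defaults listed on this page.

```python
"""Evaluate a candidate password against the policy described on this page.

Added example, not LoginRadius code. Rule names, the regex form of the
Validation String, the profile shape and all sample data are assumptions
constructed for illustration.
"""
import hashlib
import hmac
import os
import re

# Defaults listed on this page: minimum 10 characters with at least one
# digit and one symbol, last 5 passwords blocked, 90-day maximum age.
POLICY = {
    "validation_regex": r"^(?=.*\d)(?=.*[^\w\s]).{10,}$",  # assumed form
    "history_size": 5,
    "max_age_days": 90,
    "common_passwords": {"password123!", "qwerty12345!", "welcome2024!"},
    "dictionary_words": {"sunshine", "dragon", "monkey", "football"},
}
PBKDF2_ROUNDS = 100_000  # work factor kept low to keep the example fast


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted one-way hash: the stored value can be compared, never reversed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_history(previous_passwords):
    """Stored history, newest first, as (salt, hash) pairs with unique salts."""
    history = []
    for pw in previous_passwords:
        salt = os.urandom(16)
        history.append((salt, hash_password(pw, salt)))
    return history


def meets_complexity(password, policy=POLICY) -> bool:
    """The rule a Password Compliance Check flag would reflect. It needs the
    plaintext, so it can only be evaluated at login or password change."""
    return re.fullmatch(policy["validation_regex"], password) is not None


def contains_profile_data(password, profile) -> bool:
    """Reject passwords built from the user's name or e-mail local part."""
    lowered = password.lower()
    tokens = [profile.get("first_name", ""), profile.get("last_name", "")]
    if profile.get("email"):
        tokens.append(profile["email"].split("@")[0])
    # Tokens shorter than 3 characters would reject almost anything; skip them.
    return any(len(t) >= 3 and t.lower() in lowered for t in tokens)


def contains_dictionary_word(password, policy=POLICY) -> bool:
    lowered = password.lower()
    return any(word in lowered for word in policy["dictionary_words"])


def in_history(password, history, policy=POLICY) -> bool:
    """Recompute the hash with each stored salt and compare in constant time."""
    recent = history[: policy["history_size"]]
    return any(hmac.compare_digest(hash_password(password, salt), digest)
               for salt, digest in recent)


def evaluate_new_password(password, profile, history, policy=POLICY):
    """Return the violated rules; an empty list means the password is accepted."""
    violations = []
    if not meets_complexity(password, policy):
        violations.append("complexity")
    if password.lower() in policy["common_passwords"]:
        violations.append("common")
    if contains_dictionary_word(password, policy):
        violations.append("dictionary")
    if contains_profile_data(password, profile):
        violations.append("profile_data")
    if in_history(password, history, policy):
        violations.append("history")
    return violations


def password_age_exceeded(age_days: float, policy=POLICY) -> bool:
    """True once the password is as old as the configured maximum age."""
    return age_days >= policy["max_age_days"]


def password_expired(last_changed, now, policy=POLICY) -> bool:
    """Datetime wrapper: decide whether to trigger the update request at login."""
    return password_age_exceeded((now - last_changed).total_seconds() / 86400, policy)


# Constructed sample data.
PROFILE = {"first_name": "Alice", "last_name": "Ng", "email": "alice.ng@example.com"}
HISTORY = make_history(["OldPassw0rd!1", "Spring2023!!"])

if __name__ == "__main__":
    for candidate in ["short1!", "alice.ng2024!!", "OldPassw0rd!1", "Tr0ub4dor&Horse"]:
        print(candidate, evaluate_new_password(candidate, PROFILE, HISTORY))
    print("expired after 91 days:", password_age_exceeded(91))
```

Each rule is reported separately so the user sees every problem at once rather than fixing one and hitting the next; the history check works only because the stored salts are kept with the hashes, which is why a per-password salt does not get in the way of Password History.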
This document provides detailed information on Password Management customization and configuration.
Password Policy default settings in LoginRadius:
- Password length and complexity: minimum 10 characters with at least one number and one symbol
- Password History: customers cannot reuse any of their last 5 passwords
- Maximum password age: 90 days; a password expires 90 days after it was set
- Multi-Factor Authentication: Google Authenticator or an SMS code sent to the customer's phone can be enabled as a second factor for their account