This repository has been archived by the owner on Jan 31, 2023. It is now read-only.

Improve login security #8

Open
affand opened this issue Jul 15, 2018 · 1 comment

affand commented Jul 15, 2018

Some IdentityOptions attributes need to be set in Startup.cs in order to guide the user to create a secure password & improve login security:

```csharp
services.Configure<IdentityOptions>(options =>
{
    // Password settings
    options.Password.RequireDigit = true;
    options.Password.RequiredLength = 8;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequireUppercase = true;
    options.Password.RequireLowercase = true;
    options.Password.RequiredUniqueChars = 6;

    // Lockout settings
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
    options.Lockout.MaxFailedAccessAttempts = 10;
    options.Lockout.AllowedForNewUsers = true;

    // User settings
    options.User.RequireUniqueEmail = true;
});
```

frandi commented Jul 16, 2018

This is good, thanks. Although I think some of them are subjective opinions, it's a good start, and we'll surely tweak it over time. We might even want to integrate it with an external service like https://haveibeenpwned.com/API/v2.
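
One way the external-service idea in the comment above could plug into ASP.NET Core Identity, as an added example that is not part of the original thread or this repository's code: a custom `IPasswordValidator<TUser>` that performs a k-anonymity lookup, so only the first five hex characters of the password's SHA-1 hash are sent out. The class name `PwnedPasswordValidator`, the `PwnedPassword` error code, the fail-open behaviour and the range endpoint URL are assumptions, not taken from this page.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical validator (not from this repository): rejects passwords that appear in
// the Pwned Passwords corpus. It runs in addition to the IdentityOptions password rules.
public class PwnedPasswordValidator<TUser> : IPasswordValidator<TUser> where TUser : class
{
    // Assumption: the Pwned Passwords k-anonymity range endpoint (not stated on this page).
    private const string RangeUrl = "https://api.pwnedpasswords.com/range/";
    private readonly HttpClient _http; // configure a short timeout on this client

    public PwnedPasswordValidator(HttpClient http) => _http = http;

    public async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager, TUser user, string password)
    {
        string hash = Sha1Hex(password); // 40 uppercase hex characters
        string body;
        try { body = await _http.GetStringAsync(RangeUrl + hash.Substring(0, 5)); }
        // Design choice (assumption): fail open so an outage does not block registration.
        catch (Exception e) when (e is HttpRequestException || e is TaskCanceledException)
        { return IdentityResult.Success; }

        if (CountInRange(body, hash.Substring(5)) == 0) return IdentityResult.Success;
        return IdentityResult.Failed(new IdentityError {
            Code = "PwnedPassword",
            Description = "This password appears in a known data breach. Choose a different one." });
    }

    public static string Sha1Hex(string password)
    {
        using (var sha1 = SHA1.Create())
            return BitConverter.ToString(sha1.ComputeHash(Encoding.UTF8.GetBytes(password))).Replace("-", "");
    }

    // Each response line is "<35-char hash suffix>:<breach count>"; returns 0 when absent.
    public static int CountInRange(string rangeBody, string suffix)
    {
        foreach (string line in rangeBody.Split('\n'))
        {
            string[] parts = line.Trim().Split(':');
            if (parts.Length == 2 && parts[0].Equals(suffix, StringComparison.OrdinalIgnoreCase))
                return int.TryParse(parts[1], out int n) ? n : 1;
        }
        return 0;
    }
}
```

The validator is registered on the Identity builder with `AddPasswordValidator<PwnedPasswordValidator<TUser>>()`, with an `HttpClient` available from dependency injection. SHA-1 is used here only because the lookup service indexes by it, not for password storage.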
