Immersive enforces password security by requiring a minimum length of 12 characters without specific complexity rules, recommending strong, unique passwords. Passwords are checked against user-related data and the Have I Been Pwned database to prevent weak or compromised passwords. Password expiration is not mandatory unless compromised or after 365 days. Users receive guidance if passwords are weak, enhancing account security.
At Immersive, we prioritize the security of user accounts during the registration process by enforcing password requirements.
When creating a new user account with an email/password authentication type, the following password requirements apply:
- Minimum Length: Your password must be a minimum of 12 characters long. We encourage the use of longer passwords to enhance security.
- Complexity: Currently, there is no specific complexity requirement for passwords. You are not required to include specific character classes, such as numbers or non-alphanumeric characters. However, we recommend creating a strong and unique password for better security.
- Password Expiration: We do not enforce password expiration by default. Following the guidelines from the National Institute of Standards and Technology (NIST), we believe that password resets should be prompted only in the event of a known compromise or every 365 days. This approach encourages users to create longer and more robust passwords that are harder to crack.
To ensure the strength of your password and prevent the use of easily guessable or publicly available information, we perform the following checks:
- We check if your password contains your email address, username, first name, last name, company name, or landing page subdomain. If any of these are found, the strength score of your password will be reduced.
- We also compare your password against a database of known compromised passwords available at https://haveibeenpwned.com. If your password appears in a breach dataset, we will notify you and recommend choosing a different password. You can find more information about this database in their About section.
In addition to enforcing these checks, we provide guidance to users when their password is rejected. For example, if you attempt to set your password as "qwertyuiop", we will inform you that the password is weak and provide a message explaining that passwords with straight rows of keys on the keyboard are easy to guess.
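The sketch below is an added example, not Immersive's own code. It shows one way to run the length, account-detail and breach checks described above, so that only a 5-character SHA-1 prefix is ever sent to the breach lookup. It assumes the public Pwned Passwords range format (`SUFFIX:COUNT` lines); the names `check_password`, `pwned_count` and `make_offline_fetcher`, the 3-character token floor, and the list of findings returned in place of a strength score are all hypothetical.

```python
import hashlib

MIN_LENGTH = 12  # minimum length stated in this article


def pwned_count(password, fetch_range):
    """Return the breach count for a password using a k-anonymity lookup.

    fetch_range receives only the first 5 hex characters of the SHA-1 digest
    and returns 'SUFFIX:COUNT' lines; the suffix is compared locally.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password, user_fields, fetch_range):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    for field in user_fields:  # email, username, names, company, subdomain
        token = field.strip().lower()
        # Assumption: ignore very short tokens to avoid noisy matches.
        if len(token) >= 3 and token in lowered:
            findings.append(f"contains account detail: {field}")
    if pwned_count(password, fetch_range) > 0:
        findings.append("appears in a known breach dataset")
    return findings


def make_offline_fetcher(breached):
    """Constructed stand-in for the range endpoint so the example runs offline.

    A live deployment would instead request
    https://api.pwnedpasswords.com/range/<prefix> and return the body.
    """
    table = {}
    for pw in breached:
        d = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
        table.setdefault(d[:5], []).append(f"{d[5:]}:1")
    return lambda prefix: "\r\n".join(table.get(prefix, []))


if __name__ == "__main__":
    fetch = make_offline_fetcher(["correct horse battery"])  # constructed data
    print(check_password("AlexLovesHiking2024", ["alex@example.com", "Alex"], fetch))
```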
By implementing these password requirements and offering guidance, we aim to enhance the security of your Immersive account and protect your information.