When password protecting your application with Caspio authentication, the following best practices can be used as a checklist to ensure important safeguards are considered.

1. Username field should be unique

This is now enforced by Caspio when creating a new application, but your old apps may or may not be following this rule depending on how they were designed. Basically, the field designated as username must be set to be unique in Table Design.

2. Encrypt passwords

This is an option left to application owner, but we highly recommend encrypting password fields. This is done in Table Design by selecting Password as data type of the field. The data in encrypted password fields is never visible through any app interface or Caspio table. If a user needs to change their password, new data can be entered through a Password Recovery DataPage.

Password Protect Your Application in Caspio

3. Password length and strength

In your form, require a minimum length for password that meets your standards. Many experts recommend requiring at least eight characters and including numbers and special characters. Enforcing strong passwords is a planned as a future option in Caspio, however at this time you can achieve this with a custom script.

4. Encourage regular password change

Prompt your users to change their password every 3 months and encourage them not to use old passwords. One way to prompt your users is to send an email which links to a Password Recovery DataPage.

5. Add CAPTCHA to login forms

To prevent brute force hacking, consider adding CAPTCHA to login forms. This can be done in the Authentication wizard when Advanced is selected on the first screen. Alternatively, you can ask for a two part authentication process, such as password and a security question.

Password Protect Your Caspio Application

 

To learn more about Caspio authentication, visit our HowTo site for step-by-step articles and video tutorials.

Do you have any other tips for securing your Caspio apps? Share it with other users.