When password protecting your application with Caspio authentication, the following best practices can be used as a checklist to ensure important safeguards are considered.
Caspio now enforces this when you create a new application, but older apps may or may not follow the rule, depending on how they were designed. The rule: the field designated as the username must be set to be unique in Table Design.
This option is left to the application owner, but we highly recommend encrypting password fields. This is done in Table Design by selecting Password as the data type of the field. The data in encrypted password fields is never visible through any app interface or Caspio table. If a user needs to change their password, new data can be entered through a Password Recovery DataPage.
In your form, require a minimum password length that meets your standards. Many experts recommend requiring at least eight characters and including numbers and special characters. Enforcing strong passwords is planned as a future option in Caspio; at this time, however, you can achieve this with a custom script.
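One way to write such a custom script, as an added example that is not Caspio's own code: it checks the eight-character, number and special-character rules mentioned above and blocks native form submission until they are met. The element id `password-field` and the function names are hypothetical; use the id your form actually renders and adjust the policy to your standards.

```javascript
// Added example: client-side password policy check for a sign-up or
// password-change form. The rules mirror the recommendations in the text.
const POLICY = { minLength: 8, requireDigit: true, requireSpecial: true };

// Returns a list of unmet rules; an empty list means the password passes.
function passwordProblems(password, policy = POLICY) {
  const problems = [];
  // Count code points so a surrogate pair is one character, not two.
  if ([...password].length < policy.minLength) {
    problems.push(`at least ${policy.minLength} characters`);
  }
  if (policy.requireDigit && !/\d/.test(password)) {
    problems.push("at least one number");
  }
  // "Special" here means anything that is not a letter, digit or whitespace.
  if (policy.requireSpecial && !/[^\p{L}\p{N}\s]/u.test(password)) {
    problems.push("at least one special character");
  }
  return problems;
}

// Attach the check to a password input. While the custom validity message is
// non-empty, the browser refuses to submit the form natively.
function attachPasswordCheck(fieldId) {
  const input = document.getElementById(fieldId);
  if (!input) return false;
  const validate = () => {
    const problems = passwordProblems(input.value);
    input.setCustomValidity(
      problems.length ? "Password needs " + problems.join(", ") : ""
    );
  };
  input.addEventListener("input", validate);
  validate(); // an untouched, empty field is invalid from the start
  return true;
}

// Only runs in a browser. "password-field" is a hypothetical element id.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () =>
    attachPasswordCheck("password-field")
  );
}
```

A script like this runs in the user's browser and can be switched off there, so it guides users toward stronger passwords but is not a server-side control.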
Prompt your users to change their password every 3 months and encourage them not to reuse old passwords. One way to prompt your users is to send an email that links to a Password Recovery DataPage.
To prevent brute-force attacks, consider adding CAPTCHA to login forms. This can be done in the Authentication wizard when Advanced is selected on the first screen. Alternatively, you can require a two-part authentication process, such as a password and a security question.
To learn more about Caspio authentication, visit our HowTo site for step-by-step articles and video tutorials.
Do you have any other tips for securing your Caspio apps? Share them with other users.