September 26, 2011
When password protecting your application with Caspio authentication, the following best practices can be used as a checklist to ensure important safeguards are considered.
The field designated as the username must be set to be unique in Table Design. Caspio now enforces this when you create a new application, but your old apps may or may not follow this rule, depending on how they were designed.
This option is left to the application owner, but we highly recommend encrypting password fields. This is done in Table Design by selecting Password as the data type of the field. The data in encrypted password fields is never visible through any app interface or Caspio table. If a user needs to change their password, new data can be entered through a Password Recovery DataPage.
In your form, require a minimum password length that meets your standards. Many experts recommend requiring at least eight characters and including numbers and special characters. Enforcing strong passwords is planned as a future option in Caspio; at this time, however, you can achieve this with a custom script.
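One way to write the custom script mentioned above (an added example, not Caspio's code): it checks for at least eight characters, a number and a special character before the form submits. The function names and the field id passed to `attachPasswordPolicy` are assumptions; use the id your form actually renders.

```javascript
// Added example: client-side password policy check for a registration or
// password-change form. Names and the field id are hypothetical.
const POLICY = { minLength: 8 };

// Returns an array of human-readable failures; an empty array means the
// password satisfies the policy.
function checkPassword(password, policy = POLICY) {
  const failures = [];
  const value = typeof password === 'string' ? password : '';
  // Count code points, so an emoji or other astral character counts once.
  if (Array.from(value).length < policy.minLength) {
    failures.push(`Use at least ${policy.minLength} characters.`);
  }
  if (!/\p{N}/u.test(value)) {
    failures.push('Include at least one number.');
  }
  // "Special" here means anything that is not a letter, number or whitespace.
  if (!/[^\p{L}\p{N}\s]/u.test(value)) {
    failures.push('Include at least one special character.');
  }
  return failures;
}

// Wire the check to a form: block submission and report the failures.
// passwordFieldId is an assumed id; showErrors is a callback you supply.
function attachPasswordPolicy(form, passwordFieldId, showErrors) {
  form.addEventListener('submit', (event) => {
    const field = form.querySelector(`#${passwordFieldId}`);
    const failures = checkPassword(field ? field.value : '');
    if (failures.length > 0) {
      event.preventDefault();
      showErrors(failures);
    }
  });
}
```

A script like this runs in the browser, so it guides users toward stronger passwords but does not stop a request that is sent without it.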
Prompt your users to change their password every 3 months and encourage them not to use old passwords. One way to prompt your users is to send an email which links to a Password Recovery DataPage.
To prevent brute-force hacking, consider adding CAPTCHA to login forms. This can be done in the Authentication wizard when Advanced is selected on the first screen. Alternatively, you can ask for a two-part authentication process, such as a password and a security question.
To learn more about Caspio authentication, visit our HowTo site for step-by-step articles and video tutorials.
Do you have any other tips for securing your Caspio apps? Share them with other users.