-
Notifications
You must be signed in to change notification settings - Fork 2
Home
Welcome to the UserCredential Wiki .
One of the security weaknesses of many systems is in the way they allow to create user passwords.
If the system allows users to choose passwords that are too easy to guess, the security of the system is weak.
This package can implement password authentication policies.
It can perform several types of check to evaluate if user passwords and authentication procedures comply with security recommendations.
The base class can take as parameters a user profile with details like user name, password, full name, password hash, list of password hashes used in the past, account state and policy information.
The package also provides an Interface that allows plugging in 3rd party libraries, particularly for Multi Factor Authentication methods. To Illustrate how, we have plugged in MultiOTP library (https://github.com/multiOTP/multiotp) for the SMS OTP and Google Authenticator TOTP services that we have provided with this package.