Dovetail employs industry-standard techniques for password management, encryption, storage, complexity, and reset.
The Dovetail web application user authentication system uses Bcrypt to hash and salt user passwords. Each password has a uniquely generated salt, and the 'pepper' is stored independently from the database.
The Dovetail web application enforces a strong password complexity standard and requires user passwords to have at least:
12 characters
1 lower case character
1 upper case character
1 number
1 special character
The Dovetail web application prevents brute-force attacks (for password-based authentication) by locking the targeted user account after 5 failed attempts. A notification email is sent to the user that includes a link that can be used to unlock the account.
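The lockout behaviour described above, sketched as an added example (this is not Dovetail's code). The class name, the in-memory storage, resetting the counter on a successful login, and keeping only a SHA-256 hash of the single-use unlock token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILED_ATTEMPTS = 5  # threshold stated on the page


class LockoutTracker:
    """Hypothetical in-memory tracker; a real service would persist this per account."""

    def __init__(self):
        self._failures = {}       # user -> consecutive failed attempts
        self._unlock_hashes = {}  # user -> SHA-256 of the outstanding unlock token

    def is_locked(self, user):
        return user in self._unlock_hashes

    def record_attempt(self, user, password_ok):
        """Return (allowed, unlock_token); the token is set only by the attempt that locks."""
        if self.is_locked(user):
            # While locked, even a correct password is refused, so guessing cannot continue.
            return False, None
        if password_ok:
            self._failures.pop(user, None)  # assumption: success resets the counter
            return True, None
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= MAX_FAILED_ATTEMPTS:
            token = secrets.token_urlsafe(32)  # unguessable value for the emailed link
            # Store only a hash, so a leaked table does not yield usable unlock links.
            self._unlock_hashes[user] = hashlib.sha256(token.encode()).digest()
            return False, token
        return False, None

    def unlock(self, user, token):
        """Consume the emailed token; it works once and only for the locked account."""
        expected = self._unlock_hashes.get(user)
        if expected is None:
            return False
        supplied = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(expected, supplied):  # constant-time comparison
            return False
        del self._unlock_hashes[user]
        self._failures.pop(user, None)
        return True
```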
If a user forgets their password, they can request a password reset via a link that is sent to the user's verified email address. This link expires within a limited amount of time if not used.
Dovetail encourages customers and users to leverage a password manager to maintain, store, and fill strong passwords when using Dovetail.