Topic: Username login security?

Can we have upper / lower case enforcement on the username for the login screen?

Right now, to log in, any combination of upper or lower case letters logs in successfully.

Admin
is the same as
admin
or
aDmin
or admiN

all work.

Username is half the login key, should have same check as passwords ...

Thanks!!

Re: Username login security?

I agree..

Re: Username login security?

I am not so sure about this. It is very common to let the username be case insensitive.
It is more important that the password is strong. And, really, this is not a Fort Knox issue.

Joe

Re: Username login security?

@joe
I like the Fort Knox analogy...
I still agree that we need a stronger userid. Most of the sites I visit now have userid rules (not passwords only). This admin is very trivial... of course users need to change it anyway..

5 (edited by Technicavolous 07/21/2021 04:28:50 pm)

Re: Username login security?

Thanks for the reply and consideration.

More and more user / pass is looking at user rules. I used admin as an example; we had set up users with upper / lower case and characters and determined case was insensitive. It's nothing new -

https://passwordbits.com/usernames-need-unique/

just for your consideration ...

Thanks!!

Re: Username login security?

@joe, basically we have md5 encryption, which is OK for passwords. But nowadays, securing our framework is more important than enhancing it. People are looking at two-step authentication to prevent unknown tries. But I feel a case-sensitive username is a good-to-have for customers.

Subscription service based on FA
HRM CRM POS batch Themes

Re: Username login security?

Our parent company has given us until Dec 31 2021 to comply with their security guidelines. Account Security is a major part of their focus, and we will not be allowed to use FA after that date if the login is not case sensitive.

This SUCKS.

I've built into FA for many years and it's great for us. The learning curve of a financial package is extreme and we anticipate many difficulties during the transition.

PLEASE FIX THE LOGON SECURITY OF FRONTACCOUNTING SO WE CAN CONTINUE USING IT!
The security team states there are other vulnerabilities in FA but that they can be remedied by firewall magic. The login security is a show stopper.

Thanks for your serious and timely consideration.

8 (edited by Technicavolous 09/22/2021 04:13:43 pm)

Re: Username login security?

BTW

The security co is requiring us to have usernames that are basically passwords - 12+ characters that must have a combination of upper and lower case letters, numbers and punctuation, no dictionary words, no repeating characters, etc ...

Also, they're suggesting spaces in passwords be acceptable as the trend is going to 'pass phrases' vs passwords.

Re: Username login security?

Hire an FA developer and have him create a module and connect the login with hooks, as well as replace the user account page with a custom one which will ask for those combinations in the password. This way you can make this happen.

FA can provide support for many things, but it has to be for the common needs of all users. Except for you, no one is actively seeking this enhancement.

Or maybe you can create it and contribute it to the FA development community; it depends on your interest in contributing to the FA community.

Thank you


Re: Username login security?

We ended up putting another server in front of the FA machine that meets their requirement, then log in to FA from there. Makes me log in twice but meets their demands ...

Re: Username login security?

May I ask what software the front server is using and if it is chargeable?

Re: Username login security?

I'm not sure what it is based on but it presents itself as a Remote Desktop login. Once authenticated to a desktop one browses to a local address:port and the FA login is presented.

Re: Username login security?

VPN?
htaccesspwd?