User Security

Password complexity

Password complexity can be set in an app’s Security Settings found within the Settings tab of the builder. Various options can be configured for users to follow in terms of password complexity for passwords set upon user signup or password reset.

  • The minimum character requirement can be set to a custom length.

  • A built-in check can be set to verify that no common words are used in passwords. Common words that are verified include character sequences that are not recommended for passwords such as 123, password, hello, etc..

  • A requirement of at least 1 number is met when a numeric character is included.

  • A requirement of at least 1 special character checks for a non-alphanumeric character.

  • A requirement of at least 1 lowercase character can be met with the inclusion of an a-z character.

  • A requirement of at least 1 uppercase character can be met with the inclusion of an A-Z character.

If any of the configured requirements are not met, the configurable message appears in addition to a list of the requirements that must be met before the password is successfully saved for the given user.

Session tracking

Each time a user logs into your app a session is created on the server and at any point can be deleted which will log users out. You can see and track all your currently active users and Logout them if necessary.

Keep in mind, this will only show users that still have a live session. To track past logins you must use the User Login Logs.

Login logs

In the default Users table of an app, user Login Logs can be configured and viewed within either the Login Logs or Settings tab. From the Settings tab, Login Logs can be configured to save a number of values for user events including login and logout. From the Login Logs tab, a table of logged records can be viewed based on the configurations that have been set.

Through an app’s Users table Settings tab, Login Logs can be enabled via the Log All User Logins option. Once enabled, the logs are set to contain the fields User Email, Type, Created Date, and User Name. The Type field represents whether the event is a login or logout and the Created Date is recorded as the time the event occurred. The Email and User Name are pulled from the logged-in user’s record in the Users table.

Upon enabling Login Logs, options to Log Host Information, Log IP Address, and Log User Location become available. These options each add fields to the Login Logs table.

  • Log Host Information adds five fields to your user login logs related to how the user is accessing your app. These fields are Browser, Platform, Screen Width, Screen Height, and URL.

  • Log IP Address adds one field to your user login logs representing the IP address from which the user is accessing your app.

  • Log User Location adds full address information to your logs. The fields included are Address, Address2, City, State, Country, Zip/Postal Code, Latitude, and Longitude. If the chosen setting is Enabled, the location will be captured based on whether the user's browser is allowing your app to access the location. If the chosen setting is Required, the user must have their browser set to allow location access for your app to log in. If the location is Required and the user chooses to block your app, the user will not be able to log in and the configurable message will show in a popup.

Disabling signups

From within the default Users table of an app within the Settings tab, front-end user registration can be enabled or disabled. By default, this feature is enabled and allows for the ability to utilize the signup component to add a new user to an app. Upon disabling this feature, any signup components cannot be utilized and will instead appear with the message configured to notify the page viewer that the component is not available.

 

Disabling Default Login Form

When you secure a page if a user accesses that page, a default login screen will be shown. This default form can be disabled and in many instances we recommend you do so. 

Unlike the Login component, the default login form doesn't have any rules or settings associated with it. Meaning, you can't restrict which user status' can login, or which roles can login to this form etc.