AUTH Password Filter #

Password filtering is a crucial mechanism for enforcing specific password requirements during user onboarding or when they update their passwords. It is executed on the client side, as the server receives only the MD5 hash of the password for enhanced security. Nonetheless, the developer defines the password filtering parameters on the server side, preserving them as part of the application settings. The client side then queries these parameters and assumes the responsibility of implementing the password filtering requirements on behalf of the application.

Developers have the flexibility to toggle password filtering on or off. When enabled, various filtering parameters come into play, governing the password composition. These parameters include:

• Minimum length: This establishes the minimum number of characters the password must contain.
• Require uppercase letters: It mandates the inclusion of at least one uppercase letter in the password.
• Require lowercase letters: It obligates the inclusion of at least one lowercase letter in the password.
• Require digit: This necessitates the presence of at least one numeric digit in the password.
• Require special character: It stipulates that the password must contain at least one special character from a specified set.

The special characters include @, %, +, , /, ‘, !, #, $, ^, ?, :, (, ), [, ], ~, `, -, _, ., and ,

By defining these filtering parameters, developers can ensure stronger password standards and bolster the security of their applications.

Within the CoSync Auth authentication system, the process of password filtering occurs exclusively on the client side and not on the server side. This deliberate design choice aims to minimize the impact on the server REST API. The CoSync Auth server solely stores the password filtering parameters, which are automatically fetched by the client during the application’s connection to the server.

By executing the password filtering on the client side, the burden on the server is significantly reduced, optimizing the overall performance and responsiveness of the authentication system. Moreover, this approach ensures that the client possesses the necessary information to enforce the password filtering requirements, fostering a smoother and more efficient user experience during onboarding and password updates.