Product security features
Single sign-onPasswords
Encryption and storageComplexity standardFailed login attemptsSecure resetPassword managers
Project access controlDomain allowlistingUser rolesSession management
More articles
Help homeSecurityProduct security features

Passwords

Dovetail employs industry-standard techniques for password management, encryption, storage, complexity, and reset.

Encryption and storage

The Dovetail web application user authentication system uses Bcrypt to hash and salt user passwords. Each password has a uniquely generated salt, and the 'pepper' is stored independently from the database.

Complexity standard

The Dovetail web application enforces a strong password complexity standard and require user passwords to have at least:

  • 12 characters

  • 1 lower case character

  • 1 upper case character

  • 1 number

  • 1 special character

Failed login attempts

The Dovetail web application prevents brute force attacks (for password based authentication) by locking the targeted user account after 5 failed attempts. A notification email is sent to the user that includes a link that can be used to unlock the account.

Secure reset

In the event that a user forgets their password, a user can request their password be reset via a link that is sent to the user's verified email address. This link expires within a limited amount of time if not used.

Password managers

Dovetail encourages customers and users to leverage a password manager to maintain, store, and fill strong passwords when using Dovetail.

Was this article useful?
Related articles
The basics
Change your password
Authors
Bradley Ayers
Co-founder / CTO
Article info
Last updated 8 January 2021
1 min read

Get help

Can’t find what you’re looking for? Search through our articles or contact our support team and get a response within 24 hours.

Get help