Passwords are among the many application security measures integrated into Mendix development. A password ensures that only authorized persons (with the correct login credential) access a user account. However, if these credentials are stolen, an unauthorized person can use them to access an account and do more damage to your application, including stealing your sensitive data. And that’s why you should consider best practices for password management in Mendix applications. 

Mendix has a password policy outlining several requirements for your Mendix application passwords. These requirements are applied when changing the passwords of existing users and creating ones for new users. Here, we provide a detailed guide on the best practices for password management in Mendix apps to ensure your passwords are secure and safe from unauthorized access or misuse.

6 Best Practices for Password Management in Mendix Apps

Some best practices for managing passwords in Mendix solutions applications include the following:

  1. Use Strong Passwords 

Mendix enforces a strong password policy by default. However, you can be tempted to simplify these requirements for different purposes, like enabling single-character passwords to log in. Such passwords can be guessed by malicious intruders to access your Mendix application.  

You should specify password requirements following Mendix’s password policy guidelines to ensure secure, strong passwords. To set your password policy properties, go to App Security and click the Password Policy tab. Some password policy properties you can set for your Mendix application include the following:

  • Minimum length. This property specifies the required minimum password length.
  • Require digit. This requirement specifies that your password must contain at least a single number.
  • Require mix case. This property specifies that your password must have at least one uppercase character and one lowercase character. 
  • Require symbol. This specification outlines whether passwords must have at least one special symbol. Some common special characters include ~ ` ! @ # $ % ^ & * ( ) _ + { [ } ] | \

Activating these properties ensures that users select strong passwords, including numbers, uppercase and lowercase letters, and special symbols. As a result, your passwords will be strong and unlikely to be guessed by hackers. Use password strength indicators to inform users about their password’s strength level. 

  1. Use Multi-Factor Authentication (MFA)

As the name suggests, multi-factor authentication requires users to provide multiple forms of authentication to access their accounts. MFA provides an additional security layer for protecting users from unknown persons attempting to access the accounts, including personal data and financial assets. 

In addition to asking for a password, MFA requires users to provide an extra form of authentication. This can be:

  • Security token 
  • Fingerprint, or 
  • Sending a one-time code to their mobile device.

The strategy significantly minimizes the chances of an attacker accessing a user’s account. This is because they will be required to provide a correct password and an additional form of authentication, which may require the presence of the actual account owner. Therefore, implementing an MFA can help safeguard sensitive Mendix data and prevent security breaches associated with hackers accessing the application using real account owners’ credentials.

What’s more, it’s easy to implement MFA with Mendix. This low-code platform provides a multi-factor authentication module for Mendix applications. You can access and download this module from the Mendix Marketplace.

  1. Restrict Password Attempts 

Restricting password attempts can help you securely manage passwords in Mendix applications. This strategy protects your Mendix application from brute-force attacks. These attacks involve using the trial-and-error method to guess passwords by attempting all possible combinations until the correct one is found. 

Therefore, limiting the number of attempts a user can make significantly reduces the chances of a successful brute-force attack. When the user exceeds the set limit, their account will be temporarily disabled or locked, preventing further login attempts.

However, when setting password attempt limits, it’s crucial to balance security with usability, as locking out users can be frustrating and may impact user experience. So, provide clear instructions on how users can reset their passwords and unlock their accounts. 

  1. Salt and Hash Passwords 

Never store passwords as plaintext because hackers often target the password database record. Instead, keep them in a salted and hashed format. Salting involves a random string of characters added to your passwords before hashing to enhance their security. On the other hand, hashing converts your passwords into scrambled, irreversible format using a one-way algorithm. 

Storing your passwords in salted and hashed format ensures that even if hackers access your Mendix application database, they won’t read the original password. Instead, they will have to use the brute-force approach to guess passwords, which is time-consuming and computationally expensive. 

Use a strong hashing algorithm and a unique salt for each password to prevent attackers from using pre-computed hashed tables to accelerate the attack. 

But did you know that Mendix eases hashing and salting of passwords and other sensitive data? This low-code app development platform offers an encryption module on the Mendix Marketplace, which lets you encrypt passwords and other sensitive data accordingly.

  1. Set a Password Expiration Period

Some users keep their passwords the same for years. So, as a password management strategy, implement a password expiration policy, enabling users to change their passwords periodically. This will help prevent unauthorized access if a user’s password is compromised. 

  1. Educate Users 

While implementing technical solutions for password management is crucial, user literacy is essential to securing passwords in Mendix applications. Therefore, educating users on the best practices for password management in Mendix apps can help prevent user-triggered attacks. 

Some of the things to educate users on include: 

  • The importance of strong passwords
  • Passwords should remain secret (do not share passwords)
  • Avoid reusing passwords 

Final Thoughts 

Password management is crucial to maintaining your Mendix application’s security. Therefore, you should follow the best practices to ensure your passwords are safe from unauthorized access. Some best practices for password management in Mendix apps include using MFA, enforcing a strong password policy, and hashing or encrypting your passwords. Following these measures ensures that your Mendix application’s password management is secure and helps protect sensitive information. 

TIME BUSINESS NEWS

JS Bin