
Password Management

Last updated 27/05/2024

How Passwords are Stored in Five

Passwords in Five and in your application are stored as a one-way hash. Hashing is a one-way process that protects a password by turning it into a different and seemingly random string of characters. When you add a password for your online account, it is run through a mathematical algorithm and the result is stored in the database. When you log in, the password you enter is run through the same algorithm, and the result is checked against the hashed password in the database. If the two match, you have entered the correct password and you will be signed in. A one-way hashed password cannot be restored: if users of your Five account or your end-user application forget their password, they will need to reset it.
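
The store-and-compare flow described above, as an added example that is not Five's own code. The page does not name the algorithm Five uses, so scrypt, its cost parameters, the record format and the function names hashPassword and verifyPassword are assumptions chosen for illustration.

```javascript
// Added illustration: salted one-way password hashing and verification.
// Assumptions: scrypt as the algorithm, the cost parameters below, and the
// "$"-separated record format. None of these are taken from Five.
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

const SCRYPT = { N: 16384, r: 8, p: 1 }; // cost parameters (assumed values)
const KEY_LEN = 32;                      // bytes of derived hash to store

// Run when a password is set: returns the string to store in the database.
// The record carries its own parameters and salt so it can be verified later.
function hashPassword(password) {
  const salt = randomBytes(16); // fresh random salt for every stored password
  const hash = scryptSync(password, salt, KEY_LEN, SCRYPT);
  return ['scrypt', SCRYPT.N, SCRYPT.r, SCRYPT.p,
    salt.toString('base64'), hash.toString('base64')].join('$');
}

// Run at login: re-derives the hash from the submitted password using the
// stored salt and parameters, then compares the two in constant time.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  if (![N, r, p].every(Number.isInteger)) return false;
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  if (expected.length === 0) return false;
  let actual;
  try {
    actual = scryptSync(password, salt, expected.length, { N, r, p });
  } catch {
    return false; // parameters in the record are not valid for scrypt
  }
  return timingSafeEqual(actual, expected);
}
```

Because each record has its own salt, two users with the same password get different stored values, and nothing in the record can be reversed into the password, which is why a forgotten password has to be reset rather than recovered.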

Reset Passwords

Let Users Reset Passwords

A user of your Five account or your end-user application has two ways to reset their password. If they have forgotten their password and cannot log in to their account, they can reset it by clicking the Forgot Password button on the Sign In window. Alternatively, they can change their password while logged in to Five or your end-user application. The steps apply both to your Five account and to your end-user application.

Forgot Password

In the event a user forgets their password, they can click the Forgot Password button on the Sign In window and they will receive an email with directions on how to reset their password.

1. Click the Forgot Password button.


Figure 1 - Forgot Password button

info
The Sign In window will be replaced with the Reset Password window.

2. Enter the username and click the Reset Password button.


Figure 2 - Reset Password window

info
The user will receive a notification that they have received an email to reset their password. The email will be sent to the address supplied on the Users form.

Figure 3 - Password reset notification

3. Click the Set Your Password button in the Reset Your Password email.


Figure 4 - Reset Your Password email

info
The user will be taken back to the Reset Password window.

4. Enter and confirm the new password and click the Reset button.


Figure 5 - Reset Password window

info
The Reset Password window will be replaced with the Sign In window.

5. Enter the username and new password and click the Sign In button.


Figure 6 - Sign In window

tip
This works exactly the same in your end-user application!

User to Reset Password

A user of your Five account or your end-user application can change their password themselves using the Profile button while logged in.

1. Click the Profile button.

2. Click the Change Password button.


Figure 7 - Profile and Change Password buttons

3. Type your current password in the Current Password field.

4. Enter a new password and confirm it in the New Password and Confirm Password fields.

5. Click the Update Password button.


Figure 8 - Update Password window

info
You will be notified that you have successfully updated your password. Click OK to acknowledge the notification.

Figure 9 - Password updated notification

Password Strength

Strength in Five

For a user of your Five account, the password must meet the following criteria:

  • 8 to 32 characters
  • Have at least one symbol
  • Have at least one number

If the password does not meet these criteria, the Password field will be displayed in red and you will not be able to save the password.

Strength in Your End-user Application

You can determine the password strength that the users of your end-user application must meet. You do this on the User Settings page on the Applications record. You have five levels to choose from:

  • Poor
  • Weak
  • Average
  • Strong
  • Very Strong

The Users form supplied by Five has our display type of _Password attached to the Password field. At a minimum, this makes a user of your end-user application meet the same criteria that are required to log into your Five account. Five also determines a password's guessability through internal algorithms, and you can optionally enforce another layer of strength on the passwords chosen by your users by selecting a password strength level.

For example:
A password of Abcdef123! satisfies the initial requirements. If you choose Poor, this kind of password would be acceptable; however, if you choose Very Strong, it would be unacceptable. To be accepted in that case, it would need to change to something such as: A1bc2d3!@#abc

Using a combination of the above, you can strike the right balance between user experience and security for your customer base.

tip
To fully customize the password requirements, you can create your own display type based on the Password display type with a mask and attach it to the Password field!

Locked Accounts

Once a user of your Five account has made three failed login attempts, their account will be locked. The Password Fails field on the Users form displays how many failed attempts a user has had.

Figure 10 - Account locked

By default, the number of failed login attempts allowed in your end-user application is set to 3; however, you can change this on the User Settings page on the Applications form.

Unlock a User's Account

1. Edit the Users record and click the Locked switch.

2. Click the Save button in the form app bar.


Figure 11 - Unlock a user's account

info
The user of your Five account will now have their account reset and can click the Forgot Password button on the Sign In window to reset their password.

Enforce a User to Change Their Password

You can force a user to change their password on their next login by turning the Password Update Next Login switch on. If you do this for a user who has forgotten their password, you will need to provide them with a temporary password, and this value must be saved in the Password field. The next time the user logs in to their Five account, they will be forced to change their password using the Update Password window. This works exactly the same way in your end-user application.

Figure 12 - Password Update Next Login switch