New Password Policy for a B2B Platform by Ana GarzonNew Password Policy for a B2B Platform by Ana Garzon

New Password Policy for a B2B Platform

Ana Garzon

Web Designer

Product Manager

Security Manager

Figma

Jira

Notion

Cybersecurity

Ensuring Security with New Rules for Editing and Creating Passwords

For those unfamiliar with the term — as I once was — a Pentest is “an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system,” according to Wikipedia.

The test revealed that unauthorized parties could easily access the system's features and data. In one incident, an unhappy employee hacked into a supervisor's account and posted several accusatory messages against the company. These messages were seen by nearly all users at the time, and the Customer Success Team struggled to mitigate the resulting client discontent.

Solution

After careful analysis, the product team I led determined our main goal was to enforce stronger password practices among users.

The features we developed included:

An updated login page that allows users to sign in with an email and password or via a Google Account for convenience.

Enhanced password criteria, mandating a minimum of 6 characters, including at least 1 uppercase letter and 1 special character, to improve password strength.

Periodic termination of all user sessions across devices, necessitating users to re-login, thus reinforcing security.

Guiding metrics

50% of users adopt a strong password within six months.

Penetration tests show 65% fewer security vulnerabilities.

You can see more details about this project in my portfolio: https://anafgarzon.com/projects/new-password-policy-for-a-b2b-platform

Like this project

Posted Apr 24, 2024

During one of the frequent penetration tests (Pentests) conducted by our Security Team, vulnerabilities such as weaknesses in user passwords were uncovered.

Likes

Views

Clients

UOL EdTech