New Password Policy for a B2B Platform

Ana Garzon

Web Designer
Product Manager
Security Manager
Figma
Jira
Notion
UOL EdTech

Ensuring Security with New Rules for Editing and Creating Passwords

For those unfamiliar with the term — as I once was — a Pentest is “an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system,” according to Wikipedia.
The test revealed that unauthorized parties could easily access the system's features and data. In one incident, an unhappy employee hacked into a supervisor's account and posted several accusatory messages against the company. These messages were seen by nearly all users at the time, and the Customer Success Team struggled to mitigate the resulting client discontent.
Solution
After careful analysis, the product team I led determined our main goal was to enforce stronger password practices among users.
The features we developed included:
An updated login page that allows users to sign in with an email and password or via a Google Account for convenience.
Enhanced password criteria, mandating a minimum of 6 characters, including at least 1 uppercase letter and 1 special character, to improve password strength.
Periodic termination of all user sessions across devices, requiring users to log in again and thus reinforcing security.
Guiding metrics
50% of users adopt a strong password within six months.
Penetration tests show 65% fewer security vulnerabilities.

You can see more details about this project in my portfolio: https://anafgarzon.com/projects/new-password-policy-for-a-b2b-platform
