You can make user authentication more secure by defining login policies for password requirements, multi-factor authentication, lockout policies, and other similar restrictions.
- Using the login policies settings
Enable security policies for user authentication and session management to improve application security. You can control the strength of user IDs and passwords, manage session time-outs and the disabling of operator IDs, control the auditing of login events, and implement CAPTCHA and multi-factor authentication.
- Customizing CAPTCHA presentation and function
Pega Platform provides CAPTCHA validation on login as one of the options on the Security Policies landing page. A CAPTCHA (or Reverse Turing Test) creates a challenge that is easy enough for a human user to meet, but which is likely to defeat standard automated software.
- Multi-factor authentication with a one-time password
Pega Platform supports two-factor authentication by sending a one-time password (OTP) to a user through email. The user must enter this one-time password in your Pega Platform application for verification.