You can make user authentication more secure by defining login policies for password requirements, multi-factor authentication, lockout policies, and other similar restrictions.

• Using the login policies settings

  Enable security policies for user authentication and session management to improve application security. You can control the strength of user IDs and passwords, manage session time-outs and the disabling of operator IDs, control the auditing of login events, and implement CAPTCHA and multifactor authentication.

• Customizing CAPTCHA presentation and function

  Pega Platform provides CAPTCHA validation on login as one of the options on the Security Policies landing page. A CAPTCHA (or Reverse Turing Test) creates a challenge that is easy enough for a human user to meet, but which is likely to defeat standard automated software.

• Multi-factor authentication with a one-time password

  Pega Platform supports multi-factor authentication by sending a one-time password (OTP) to a user through email and SMS. The user must enter this one-time password in your Pega Platform application for verification.

• Application ID data instances