Security Settings


Applies to: Sana Commerce 9.2.1 and higher

Sana Admin accounts and customers' web store accounts are password-protected. Sana Commerce policy requires Sana Admin users and web store customers to use strong passwords. It is critically important to have a secure and unique password. Moreover, Sana is protected against brute-force attacks.

Using Security settings in Sana Admin, you can set up a password security policy and force your users to use only strong and secure passwords. The security settings are applied to Sana Admin user accounts and Sana web store customer accounts.

The password security policy determines how strong (resistant to guessing) user passwords must be.

To set up the password policy, in Sana Admin click: Setup > Security.

Enter the minimum allowed password length and select the password strength score. The default values are:

  • Minimum allowed password length - 7
  • Minimum allowed password strength score - Good

When a user creates an account, instant feedback is shown about the password strength.

Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. The strength of a password is a function of length, complexity, and unpredictability.

Password strength depends on different factors and is estimated based on commonly used passwords, names and surnames, popular words, and common patterns, like dates, repeats (aaa), sequences (abc), and keyboard patterns (qwertyuiop).
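
The following sketch shows how the pattern classes listed above (common passwords, dates, repeats, sequences, keyboard patterns) and the default minimum length of 7 can be detected. It is an added illustration, not Sana Commerce's own estimator; the function names, the small word list, the keyboard rows and the weakness labels are assumptions made for the example.

```python
import re

# Constructed sample data (assumption): a real check would use a large list of known passwords.
COMMON_PASSWORDS = {"password", "123456", "letmein", "welcome", "qwerty"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Four-digit years 19xx/20xx, or day/month/year separated by '.', '/' or '-'.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[./-]\d{1,2}[./-]\d{2,4}")


def _has_run(text, step, length=3):
    """True if `length` consecutive characters each differ by `step` code points."""
    run = 1
    for prev, cur in zip(text, text[1:]):
        # Sequences (step != 0) only count between letters/digits; repeats count for any char.
        same_kind = step == 0 or (prev.isalnum() and cur.isalnum())
        run = run + 1 if same_kind and ord(cur) - ord(prev) == step else 1
        if run >= length:
            return True
    return False


def _has_keyboard_walk(text, length=4):
    """True if `text` contains `length` adjacent keys of one keyboard row, in either direction."""
    for row in KEYBOARD_ROWS:
        for keys in (row, row[::-1]):
            for i in range(len(keys) - length + 1):
                if keys[i:i + length] in text:
                    return True
    return False


def find_weaknesses(password, min_length=7):
    """Return labels for every weakness found in `password`; an empty list means none found."""
    lowered = password.lower()
    found = []
    if len(password) < min_length:
        found.append("too_short")
    if lowered in COMMON_PASSWORDS:
        found.append("common_password")
    if _has_run(lowered, 0):
        found.append("repeat")
    if _has_run(lowered, 1) or _has_run(lowered, -1):
        found.append("sequence")
    if _has_keyboard_walk(lowered):
        found.append("keyboard_pattern")
    if DATE_RE.search(password):
        found.append("date")
    return found
```

A password that meets the minimum length can still be flagged, which is why the policy combines a length setting with a strength score.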