User Authentication
Sonar Legal implements robust authentication protocols to ensure secure access to the application.
Password Requirements
- Minimum Length: 12 characters
- Complexity Requirements: Passwords must contain a combination of uppercase and lowercase letters, numbers, and special characters
- Secure Hashing: Passwords are protected using the Argon2 hashing algorithm with unique salts, safeguarding against cryptographic attacks
Account Protection
- Automatic Lockout: Accounts are temporarily locked after 5 consecutive failed authentication attempts to prevent unauthorized access
Session Security
- Secure Sessions: Session cookies carry cryptographically secure random tokens, which are hashed with SHA-256 and stored in Redis with a 7-day expiration. Sessions are automatically refreshed at the midpoint of their lifetime
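
The session handling described above, as an added example that is not Sonar Legal's own code. It assumes a constructed in-memory `MemoryStore` in place of Redis, hypothetical function names, and that "refreshed at the midpoint" means the expiry is reset to a full 7 days when a session is used after half its lifetime has elapsed.

```python
import hashlib
import secrets

SESSION_TTL = 7 * 24 * 3600        # 7-day expiration, as stated on the page
REFRESH_AFTER = SESSION_TTL // 2   # midpoint of the session lifetime


class MemoryStore:
    """Constructed stand-in for Redis: key -> (value, absolute expiry time)."""

    def __init__(self):
        self.data = {}

    def set(self, key, value, ttl, now):
        self.data[key] = (value, now + ttl)

    def get(self, key, now):
        entry = self.data.get(key)
        if entry is None or entry[1] <= now:
            self.data.pop(key, None)   # expired entries vanish, as with a Redis TTL
            return None
        return entry

    def keys(self):
        return list(self.data)


def store_key(token):
    # Only the SHA-256 digest is stored, so a dump of the store yields no usable cookies.
    # A fast hash is adequate here because the token is high-entropy, unlike a password.
    return "session:" + hashlib.sha256(token.encode()).hexdigest()


def create_session(store, user_id, now):
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store.set(store_key(token), user_id, SESSION_TTL, now)
    return token                       # goes into the cookie; never stored raw


def validate_session(store, token, now):
    """Return the user id for a live session, else None; extend it past the midpoint."""
    entry = store.get(store_key(token), now)
    if entry is None:
        return None
    user_id, expires_at = entry
    # Assumed refresh policy: reset the TTL once half the lifetime has elapsed.
    if expires_at - now <= SESSION_TTL - REFRESH_AFTER:
        store.set(store_key(token), user_id, SESSION_TTL, now)
    return user_id
```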
Multi-Factor Authentication
- Configurable 2FA: Two-factor authentication can be enabled on every launch for enhanced security
- Recovery System: Backup authentication codes are provided to maintain access if the primary authentication device is unavailable