Email Authentication

This page documents the details of Fiddler's native email-based authentication including user account creation and password policy.

Adding Users to Fiddler

To onboard a user to Fiddler, an Org Admin uses the Fiddler UI to create a user invitation, as documented here. An invite link is generated and emailed directly to the user at the email address provided. In environments where email delivery is not configured, the administrator can copy the link and share it with the intended user through other means.

  • The invitation can later be revoked by an Org Admin. Invitations do not expire.

Upon receiving the invite link, the user can click on it, fill out the required details in the invite form, and create their Fiddler account.

Password Security

Fiddler hashes each user-supplied password with salted bcrypt; it is this hash, rather than the password and salt, that is stored securely. When users enter their passwords during account creation and at login, the input is masked and transmitted over TLS v1.2 or later.

Password Requirements & Policy

Password requirements:

  • Password must be at least 14 characters long

  • Password must contain a lowercase character

  • Password must contain an uppercase character

  • Password must contain only printable ASCII characters (character codes 32-127)

  • Password must contain a number and a special character

  • New password must be different from current one

Password policy:

  • There is no password expiration policy

  • A login delay of 2-4 seconds is enacted when, within a 15-minute window, there are:

    • More than 10 failed login attempts for the same email address

    • More than 15 failed login attempts from the same IP address
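The password requirements and the failed-login throttle above, as an added Python example that is not Fiddler's own code: check_password reports which listed requirements a candidate violates, and LoginThrottle applies the per-email and per-IP counts over the 15-minute window. Treating any non-alphanumeric character as the "special character" and drawing the delay uniformly between 2 and 4 seconds are assumptions.

```python
import random
import re
import time
from collections import defaultdict, deque

# Constructed illustration of the rules listed on this page; not Fiddler's own implementation.
REQUIREMENTS = [
    (lambda p: len(p) >= 14, "at least 14 characters"),
    (lambda p: re.search(r"[a-z]", p), "a lowercase character"),
    (lambda p: re.search(r"[A-Z]", p), "an uppercase character"),
    (lambda p: all(32 <= ord(c) <= 127 for c in p), "only printable ASCII (codes 32-127)"),
    (lambda p: re.search(r"[0-9]", p), "a number"),
    (lambda p: re.search(r"[^A-Za-z0-9]", p), "a special character"),  # assumption: any non-alphanumeric
]

def check_password(new, current=None):
    """Return the requirements the candidate violates (an empty list means it is acceptable)."""
    problems = [msg for ok, msg in REQUIREMENTS if not ok(new)]
    if current is not None and new == current:
        problems.append("different from the current password")
    return problems

WINDOW_SECONDS = 15 * 60         # the 15-minute window from the policy
EMAIL_LIMIT, IP_LIMIT = 10, 15   # "more than" these counts triggers the delay

class LoginThrottle:
    """Tracks failed logins per email and per source IP; `now` is injectable for testing."""
    def __init__(self, now=time.monotonic):
        self._now = now
        self._by_email = defaultdict(deque)
        self._by_ip = defaultdict(deque)

    @staticmethod
    def _recent(q, now):
        while q and now - q[0] > WINDOW_SECONDS:  # drop failures that fell out of the window
            q.popleft()
        return len(q)

    def record_failure(self, email, ip):
        now = self._now()
        self._by_email[email].append(now)
        self._by_ip[ip].append(now)

    def login_delay_seconds(self, email, ip):
        """0.0 while under both limits, otherwise a 2-4 s delay (assumed uniform) before answering."""
        now = self._now()
        over = (self._recent(self._by_email[email], now) > EMAIL_LIMIT
                or self._recent(self._by_ip[ip], now) > IP_LIMIT)
        return random.uniform(2.0, 4.0) if over else 0.0
```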
