Security / Login Spec


This spec covers the basic functionality required to provide secure login functionality as the frontispiece for the entire QBO3 application.

  • passwords need to meet certain security requirements
  • new users must be able to register and login immediately thereafter
  • users need to be able to request a password reset
  • user accounts should be locked after 3 failed login attempts


  • The security module
    • New users can be created
    • Can request a password reset
    • allows resetting of a password via a secure link
    • does not allow short passwords
    • does not allow weak passwords
    • does not allow key words
    • does allow strong passwords
    • locks an account out after 3 failed login attempts
    • Can delete users