There are several authentication settings you can modify in the
config/eazybi.toml file. See the example file
config/eazybi.toml.sample for commented examples of settings.
devise.timeout_in specifies the period of inactivity after which the user session times out (by default 10 hours). After this time the user will be asked for credentials again.
devise.invite_for specifies how long the generated invitation token (sent in the invitation email) is valid (by default 2 weeks).
devise.remember_for sets how long the user will be remembered without being asked for credentials again if the "remember me" checkbox is checked at login (by default 2 weeks).
devise.maximum_attempts sets the number of authentication attempts allowed before a user is locked if lock_strategy is failed_attempts (by default 5).
devise.reset_password_within specifies the time interval within which you can reset your password using the reset password key received in the password reset email (by default 6 hours).
devise.paranoid can be used to enable "paranoid mode" to avoid enumerating users. If enabled, a potential attacker will not be able to tell from the error messages whether a user is registered in the system. Note, however, that there is a limitation in the use of this parameter if the system allows registration. Check here for more.
devise.confirmation_required specifies if an email address confirmation email should be sent after a sign up (by default is
devise.allow_unconfirmed_access_for specifies how long a user can log in without a confirmed email address (by default this is not enforced).
devise.reconfirmation_required specifies if a confirmation email should be sent (to the new email address) after an email is changed (by default is
devise.send_email_changed_notification specifies if a notification email should be sent (to the old email address) after an email is changed (by default is
By default, passwords should be at least 8 characters long and should not be more than 50 characters long. Specify a different range if needed.
Specify the minimum required password entropy (longer passwords or passwords with more unique characters have a higher entropy). Passwords with higher entropy are harder to guess using brute-force password cracking. The default value is 10. Try passwords of different complexity to check if you need to increase or decrease this setting.
Specify if the most common password dictionary should be used to prevent easy-to-guess passwords (enabled by default).
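
The effect of devise.paranoid described above, as an added Ruby example (not eazyBI or Devise code): it models responses with the mode off and on and reports which actions still reveal whether an address is registered. The user store, message strings and function names are constructed, and the sign-up behaviour is an assumption about the registration limitation mentioned above.

```ruby
# Added illustration; not eazyBI or Devise source code.
# USERS and all message strings are constructed sample data.
USERS = { "alice@example.com" => "correct horse battery" }.freeze

GENERIC_LOGIN = "Invalid email or password."
GENERIC_RESET = "If the address is registered, reset instructions have been sent."

# Responses with paranoid mode off: each failure names its cause,
# so the text reveals whether the account exists.
def verbose_response(action, email, password = nil)
  known = USERS.key?(email)
  case action
  when :login
    return "Email not found." unless known
    USERS[email] == password ? "Signed in." : "Invalid password."
  when :reset
    known ? "Reset instructions sent." : "Email not found."
  when :signup
    known ? "Email has already been taken." : "Account created."
  end
end

# Responses with paranoid mode on: login and reset answers are generic.
# Sign-up is unchanged (assumption: the registration limitation is the
# "already taken" validation message shown by the sign-up form).
def paranoid_response(action, email, password = nil)
  case action
  when :login
    USERS.key?(email) && USERS[email] == password ? "Signed in." : GENERIC_LOGIN
  when :reset
    GENERIC_RESET
  when :signup
    verbose_response(:signup, email)
  end
end

# Returns the actions whose response text differs between a registered and
# an unregistered address when the same wrong password is supplied.
def enumeration_oracles(responder)
  %i[login reset signup].select do |action|
    known   = send(responder, action, "alice@example.com", "wrong")
    unknown = send(responder, action, "nobody@example.com", "wrong")
    known != unknown
  end
end
```

The same comparison, run by hand against a test instance with one registered and one unregistered address, shows whether the setting took effect and whether open registration still needs separate handling.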