Security
Keycloak provides a strong set of tools for securely setting up your system. They are not all enabled by default, because use cases vary greatly. For that reason, we have provided a set of articles to help you understand how to use these features, along with our recommendations for best practices.
Guides
Password Blacklist
Keycloak provides an easy method to add a password blacklist to your realm. This is useful for preventing users from choosing common or compromised passwords. If you don't have a password blacklist, you can use the one provided by Have I Been Pwned.
Password Policy
Keycloak provides a flexible password policy system that allows you to enforce various rules for user passwords. This is crucial for maintaining security and ensuring that users create strong passwords. While this guide explains how to set up strong password requirements, it is not a substitute for multi-factor authentication (MFA), which is highly recommended for all accounts.
Brute Force Detection
Keycloak provides a brute force detection feature that can help protect your realm from malicious login attempts. This feature is not enabled by default, so you will need to configure it according to your security requirements.
Allow/Deny Lists
This feature will be available to Phase Two customers in the near future.
Rate Limiting
This feature will be available to Phase Two customers in the near future.
Penetration Tests
Phase Two maintains compliance that can be reviewed at trust.phasetwo.io. This includes a list of penetration tests that have been performed on our platform.