This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
The default username and password option for the Developer Portal lack basic security features.
I was able to set 12345678 as my password. Administrators have no way of setting up a better password policy.
A developer portal might contain confidential documentation and give access to Subscription keys.
This is a serious security risk for an Internet-facing web portal.
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
@Anonymous You can improve security by using Azure AD (or Azure AD B2C) for authenticating users to the developer portal as an alternative. If required, you could also have your own authentication server by delegating authentication to it.
Please do feel free to share this feedback on the developer portal repo as well to improve the default username/password security.
I understand alternatives exist however you still offer and support this Username and Password feature. It should not be a big security risk. It could be improved with small changes. The current password creation check for a minimum of 8 characters. You could make that check either configurable or secure enough for the 21st century.
Alternatives have their own limitations.