search

instructure / canvas-lms

The open LMS by Instructure, Inc.
https://github.com/instructure/canvas-lms/wiki
GNU Affero General Public License v3.0
5.42k stars 2.42k forks source link

Update password policy #2223

Closed gdenne closed 11 months ago

gdenne commented 1 year ago

Updated common password policy to only include passwords >8 characters due to NIST policy - Canvas does not allow passwords under 8 characters so much of the list was redundant because it had passwords lower than 8. I also changed the password example in the UI to a commonly known bad example password because the UI error message was a bit confusing in showing 'password' when talking about password policy.

CLAassistant commented 1 year ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Gary Denne seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

dustin-cowles commented 1 year ago

Hi @gdenne, thanks for your contributions! This commit is based on a very old and non-merged commit. Can you please rebase it on the tip of master? Thanks! Dustin

gdenne commented 1 year ago

Hi @dustin-cowles Sorry, my bad. Let me give that another go.

gdenne commented 1 year ago

@dustin-cowles PR updated, thank you for your help!

dustin-cowles commented 11 months ago

It is possible for a Canvas instance to be configured to not allow common passwords and to allow passwords <8 characters.