To ensure that we have the utmost security in our application, we are changing our password policy to prevent the use of “password” among other highly common expressions being used as passwords. This enhancement will take effect over the course of the next few months and will be implemented using the following timeline:
Starting now, you can no longer use any password that contains the word "password" or other commonly used phrases.
On September 1, 2016, all new users added via user import will no longer have a default password assigned. Alternatively, these users can select the "Forgot your password?” option to reset their password.
Note: All users who log in with an insecure password will be prompted to reset their password. Passwords must contain a combination of letters and numbers, and meet the minimum length requirements defined for your site.
On October 10, 2016, any remaining passwords that are insecure in all modules will be invalid, and each user will be required to reset the invalid password. If a user attempts to use an invalid password to sign in, a warning message will display, indicating that their password must be reset.
Using more secure passwords can help you protect your data from potential breaches, increasing the security of your site. If you have any questions, please call 713-526-1029, or send an email to firstname.lastname@example.org.