A production release was performed today and the following items were migrated to LoanPASS:
- Users - For the creation of user accounts, new password constraints have been implemented into LoanPASS:
1. Passwords must contain a minimum of 8 characters. A warning message will display if this parameter is not met, stating "Password must be at least 8 characters". The admin will not be able to create the user account until the 8 character requirement has been met.
2. A newly created password will be automatically cross-referenced against a list/database of breached passwords for the highest level of security. If the password entered is listed as having been breached, a warning message will display to the admin stating "The password you entered has previously appeared in a data breach, and cannot be used for your account password. Please pick a strong unique password." Admin's will not be able to create the user account until this requirement has been met. (Database located here: https://haveibeenpwned.com/Passwords)
*Note - These password constraints were created using the guidance of "NIST Special Publication 800-63 Revision 3, Digital Identity Guidelines", located here: https://pages.nist.gov/800-63-3/sp800-63-3.html - Miscellaneous - Various back-end enhancements were released.
Thank you for your patience as the LoanPASS team is working to improve your product experience.