Personal information restricted in passwords – 3900.65
Blackboard Learn SaaS, Learn 9.1
Ultra Experience, Original Experience
Impact: All users allowed to reset their passwords in Learn
Some institutions use an identity provider, such as Azure Active Directory, to manage and authenticate users. Sometimes, user accounts are created in Learn. These users can set their own passwords. To bolster security, we are now restricting the use of personal information in user passwords.
Personal information includes fields such as first name, middle name, last name, username, and student ID. Users will now be unable to incorporate this information when creating a password. The system will notify users if they attempt to use profile information as part of their password.
Image 1. User is informed about not using profile information when changing a password
For administrators: This feature is always on, and it doesn’t require any configuration. Administrators should also avoid using personal information when setting a password for another user.