Integration, Extension, and Management

Prevent passwords exposed in data breaches – 3900.67

Blackboard Learn SaaS, Blackboard Learn 9.1
Ultra Experience, Original Experience
Impact: All users allowed to change passwords in Learn

Some institutions use an identity provider, such as Azure Active Directory, to authenticate users. Others manage passwords within Learn. In recent releases, we have prioritized improvements to the security of passwords managed in Learn.

Now institutions can also restrict users from selecting passwords exposed in a data breach. This is an important security measure since passwords like "123456," "qwerty," or "password123" are frequently targeted by hackers.

When a user attempts to change their password within Learn, we check it against a global database of breached passwords. If the chosen password appears in that database, we notify the user and require them to select a different password. This helps to ensure that users' passwords are strong and secure, reducing the likelihood of unauthorized access to their account.

Image 1. A user is informed that their proposed password was exposed in a security breach

Image 2. An administrator configures the exposed password protection policy

For administrators: For most institutions, this feature is off by default. It must be enabled by an administrator.
For United States government clients in FedRAMP boundaries: This feature is on by default. If your compliance boundary changes, you should confirm your configuration.
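
The check at password change and the administrator toggle described above can be sketched as follows. This is an added example, not Blackboard's code: the page does not say how Learn queries its database, so the hash-prefix range lookup (only the first five characters of a SHA-1 digest leave the client) is an assumption, and all function names and the three-entry corpus are constructed for illustration.

```python
import hashlib

# Constructed sample corpus: the three passwords the page names as examples.
# A real deployment would query a large breached-password dataset instead.
SAMPLE_BREACHED = ["123456", "qwerty", "password123"]


def sha1_hex(password):
    # SHA-1 is used only as a lookup key for the corpus, never for password storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Group digest suffixes by 5-character prefix, as a range-lookup service would."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


def range_lookup(index, prefix):
    """Hypothetical service side: sees only the prefix, returns every matching suffix."""
    return index.get(prefix, set())


def is_exposed(candidate, index):
    """Client side: send the prefix only, then compare the suffix locally."""
    digest = sha1_hex(candidate)
    return digest[5:] in range_lookup(index, digest[:5])


def validate_password_change(candidate, index, policy_enabled=False):
    """Return (accepted, message). The policy stays off until an administrator enables it."""
    if policy_enabled and is_exposed(candidate, index):
        return False, "This password was exposed in a data breach. Choose a different password."
    return True, "Password accepted."


if __name__ == "__main__":
    idx = build_index(SAMPLE_BREACHED)
    for pw in ("qwerty", "correct-horse-battery-staple-42"):
        print(pw, validate_password_change(pw, idx, policy_enabled=True))
```

With the policy left at its default of off, the same call accepts "qwerty", which is why administrators outside FedRAMP boundaries need to enable the setting for the check to take effect.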

Return to June 2023 – 3900.67 Release description