Date Available: Beta 1/15, Prod 1/20
Which customers are impacted?: Only customers who enable this configuration will be impacted.
Required?: No, opt-in.
How to turn on: This will not be automatically enabled for our customers. It will be available beginning on the dates listed above. If you’d like to take advantage of this functionality, please reach out to your Blend account team.
Purpose of Update and Benefit: This update introduces an opt-in configuration that prevents a user’s password from containing their email address. This update applies to all borrower and lender users who have passwords; it does not impact SSO users or magic link users.
From an information security perspective, this allows customers to follow section 3.1.12 of NIST Special Publication 800-63B-4, which recommends that passwords be prevented from containing “the username, and derivatives thereof.”
Current Behavior: Currently, and by default, Blend applies standard complexity requirements to passwords but does not prevent passwords from containing email addresses.
New Behavior: Now, in addition to the standard complexity requirements, Blend can optionally prevent passwords from containing email addresses. This change does not impact existing passwords. Only newly created or reset passwords will be subject to this new constraint after the configuration is enabled.
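
The following is an added example, not Blend's implementation or code from this release note: one way a password-set or password-reset handler could enforce the constraint described above. The function and parameter names are hypothetical, case-insensitive and Unicode-normalized matching is an assumption, and the optional local-part check is a stricter assumption in the spirit of NIST's "derivatives thereof".

```python
import unicodedata

# Assumption: very short local parts (e.g. "al") would reject too many
# unrelated passwords, so the optional local-part check skips them.
MIN_LOCAL_PART_LEN = 4


def _fold(text):
    """Normalize so case changes and compatibility characters cannot
    hide the address (e.g. fullwidth letters map to ASCII)."""
    return unicodedata.normalize("NFKC", text).casefold()


def email_in_password(password, email, include_local_part=False):
    """Return a rejection reason, or None if the password passes.

    Intended to run only when a password is created or reset, next to
    the existing complexity checks; stored passwords are not re-checked.
    """
    pw = _fold(password)
    addr = _fold(email.strip())
    if not addr:
        return None  # user without an email (hypothetical): nothing to compare
    if addr in pw:
        return "contains email address"
    if include_local_part:
        # Hypothetical stricter mode: treat the part before "@" as a derivative.
        local = addr.rpartition("@")[0]
        if len(local) >= MIN_LOCAL_PART_LEN and local in pw:
            return "contains email local part"
    return None


if __name__ == "__main__":
    # Constructed sample values, not real accounts.
    samples = [
        ("Summer!Jane.Doe@Example.com9", "jane.doe@example.com"),
        ("\uff4aane.doe@example.com#1A", "jane.doe@example.com"),
        ("jane.doe-2024!Xy", "jane.doe@example.com"),
        ("correct horse battery", "jane.doe@example.com"),
    ]
    for pw, addr in samples:
        print(repr(pw), "->", email_in_password(pw, addr, include_local_part=True))
```

A plain substring comparison without the normalization step would accept the first two samples, which differ from the stored address only in letter case or character width.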