github logto-io/logto v1.9.0

latest releases: @logto/connector-vonage-sms@0.0.0, v1.21.0, @logto/tunnel@0.2.2...
14 months ago

New feature: Password policy

Password policy preview

Summary

This newly introduced feature empowers you to customize a range of password policies specific to your Logto tenant:

  • Minimum password length (default: 8)
  • Minimum character types (default: 1)
  • Prevention of breached passwords (default: Enabled)
  • Restriction of repetitive or sequential characters (default: Enabled)
  • Restriction of user information in passwords (default: Enabled)
  • Custom restricted words (default: None specified)

To begin configuring these settings, simply navigate to the Logto Console under "Sign-in experience" and select "Password policy".

Note
New to password policy? Check out our blog post Design your password policy to master this feature!

For Logto Cloud users, or if you are upgrading Logto from a previous version, please take note that we are committed to ensuring a smooth upgrade. As such, we will maintain your existing password policy as follows:

  • Minimum length: 8 characters
  • Minimum character types: 2
    • Please be aware that, with the implementation of the new policy, combining lowercase and uppercase letters will no longer be considered as a single character type.
  • Prevention of breached passwords: Disabled
  • Restriction of repetitive or sequential characters: Disabled
  • Restriction of user information in passwords: Disabled
  • Custom restricted words: None specified

Should you wish to update your password policy manually, you can do so within the Logto Console as described above.

Impact on users

  • All new users will be subject to the new policy immediately upon creation.
  • Existing users will not be affected by the updated policy until they choose to change their password.

Management API changes

We have removed password restrictions for adding or updating users via the Management API.

CLI improvements

  • Support region option for s3 storage (#4439).
  • Keep original untranslated mark when syncing translate keys (#4443).

Refactoring

  • Rename @logto/ui to @logto/experience.
  • Rename @logto/phrases-ui to @logto/phrases-experience.

These renames do not affect Logto product, so we didn't mark them as breaking changes.

Fixes

  • Fix the app crash when inputting verification code in Console profile page.
  • Align cli output for a better looking.

Don't miss a new logto release

NewReleases is sending notifications on new releases.