Diversify password.*.blacklist.previous (closes #269, closes #96)

opws · Feb 23, 2017 · f0f14d3 · f0f14d3
1 parent 2af5199
commit f0f14d3
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 7 deletions.
diff --git a/docs/fields.md b/docs/fields.md
@@ -57,11 +57,15 @@ Array of keywords describing other fields of the user's profile that a password
 - `firstname`
 - `lastname`
 
-## password.value.blacklist.previous, password.contents.blacklist.previous
+## password.value.blacklist.previous.count, password.contents.blacklist.previous.count
 
-Number of retained, previously-used passwords that a password may not match or contain, respectively. When the number is not known, this field's value will just be `yes`.
+Number of retained, previously-used passwords that a password may not match or contain, respectively.
 
-(`password.contents.blacklist.previous` implies that a site is retaining the plaintext of the user's passwords, and is a *huge* red flag compared to `password.value.blacklist.previous`, which only implies that previous *hashes* are retained.)
+(`password.contents.blacklist.previous.count` implies that a site is retaining the plaintext of the user's passwords, and is a *huge* red flag compared to `password.value.blacklist.previous.count`, which only implies that previous *hashes* are retained.)
+
+## password.value.blacklist.previous.period
+
+Period of time passwords may not be reused for, as a string like "90d" for 90 days (or "forever", if there doesn't appear to be a limit).
 
 ## password.contents.whitelist
 

diff --git a/profiles/adobe.com.yaml b/profiles/adobe.com.yaml
@@ -12,7 +12,8 @@ password:
       - username
       - firstname
       - lastname
-      previous: yes
+      previous:
+        period: forever
   contents:
     required:
     - classes:

diff --git a/profiles/ebay.com.yaml b/profiles/ebay.com.yaml
@@ -7,7 +7,8 @@ password:
     blacklist:
       dictionaries:
       - theme: common
-      previous: yes
+      previous:
+        period: forever
     notes:
     - url: http://pages.ebay.com/help/new/contextual/create_password.html
   contents:

diff --git a/profiles/mashery.com.yaml b/profiles/mashery.com.yaml
@@ -4,7 +4,8 @@ password:
     length:
       min: 8
     blacklist:
-      previous: 3
+      previous:
+        count: 3
   contents:
     required:
     - classes:

diff --git a/profiles/orcacard.com.yaml b/profiles/orcacard.com.yaml
@@ -15,7 +15,8 @@ password:
     blacklist:
       variables:
       - username
-      previous: 4
+      previous:
+        count: 4
   reset:
     onetime:
       request: