Here are some things that have happened since last week’s update.
Password policy implemented
The Projectify sign-up page now implements a password policy. Passwords are checked using the default Django password validation rules.
The rules at the time of writing are as follows:
Your password can’t be too similar to your other personal information.
Passwords are compared to the user’s email. If they are too similar, the password is rejected.
Your password must contain at least 8 characters.
Your password can’t be a commonly used password.
Your password can’t be entirely numeric.
Short passwords, or passwords using only a small variety of symbols, don’t have enough entropy and may be brute-forced. See here for an overview of password length and how much information entropy it contains.
Passwords can’t be set to popularly used passwords, such as qwerty, 12345678, or lol123. While users are responsible for setting a safe password themselves, the Projectify software should at least make some effort to guide users to choose better passwords. Commonly used passwords are used commonly.
I recommend using a reputable password manager to create and manage random passwords. You can set long passwords containing non-alphanumeric characters on Projectify without any worries that the server truncates or rejects them. Many websites have frustrating password complexity restrictions that lead users to choose weak passwords and worsen their security.
Help pages updated
I’ve rewritten most of the help pages to better reflect the current state of the UI. The previous version of the Projectify help was written with an older UI design and hasn’t been updated since then. A lot of UI component labels have changed, and many times the general layout of the UI has changed as well. You can find the help pages here (external link).
Should you have any questions about how to use Projectify, you can always contact us here (external link).
Task create and update improved
The frontend now asks users to confirm before they navigate away from a task that they have started creating or updating to prevent discarding changes by accident.
Technical updates
Here are some technical changes to Projectify that improve the behind-the-scenes features of the Projectify app:
The WebSocket API now validates HTTP origin headers to prevent cross-site request forgeries. This was not implemented correctly in the beginning, and a follow-up pull request on GitHub fixed a configuration issue.
A few modules in the frontend and backend have been simplified and refactored for readability. Two model admins in the Django administration pages have been improved for better usability as well.
An OpenAPI schema for the backend API is now created semi-automatically and I have started using it to type-check requests made by the frontend.
When viewing different tasks in the frontend, the task viewed before would flash for less than a second. This was due to a bug in the custom WebSocket store implemented in the frontend. This issue was discovered and fixed in a pull request.
Python was updated on Heroku and CircleCI to use Python version 3.11.6.
The size of the ProjectReadUpdateDelete GET response was reduced to improve dashboard load times when viewing a project.
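The Origin check on the WebSocket handshake mentioned in the technical updates above, shown as an added example that is not Projectify's own code. The function names, the allowlist and the sample headers are assumptions, and a missing Origin header is treated as a rejection, which suits an API used only from browsers.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(origin):
    """Return (scheme, host, port) for a serialized origin, or None if malformed."""
    if not origin or origin == "null":
        return None  # opaque origins serialize as "null"
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A browser-sent origin has no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return scheme, parts.hostname, port

def origin_allowed(headers, allowed_origins):
    """headers: list of (name, value) pairs from the HTTP upgrade request."""
    allowed = {normalize_origin(o) for o in allowed_origins} - {None}
    values = [v for k, v in headers if k.lower() == "origin"]
    if len(values) != 1:
        return False  # assumption: missing or duplicated Origin is rejected
    # Compare the whole (scheme, host, port) tuple; substring or prefix
    # matching would accept look-alike hosts.
    return normalize_origin(values[0].strip()) in allowed

# Constructed allowlist and handshake headers, not Projectify's real values.
ALLOWED = ["https://app.example.com"]
SAMPLES = [
    [("Origin", "https://app.example.com")],
    [("origin", "https://APP.example.com:443")],
    [("Origin", "https://app.example.com.other.example")],
    [("Origin", "http://app.example.com")],
    [("Origin", "null")],
    [("Host", "app.example.com")],
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, origin_allowed(sample, ALLOWED))
```

A configuration mistake in the allowlist itself, such as an entry without a scheme, normalizes to nothing and so allows no origin rather than every origin.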