External users are not required to create a new password on a regular basis which causes potential security issues. In our instance internal users login with single sign on and the University has it's own process for password renewal for those. Even if a workaround is put in place to manually ask/remind external users to change their password there is the risk they will not do so.

Instructure (Canvas) to implement password rotation so external users are forced to change their password on a regularly (e.g. yearly) basis.

admin,instructor