Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Built-in password audit?

Built-in password audit?

Scheduled Pinned Locked Moved Feature Requests
feature-requestpasswordsecurity
7 Posts 4 Posters 736 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • yusfY Offline
    yusfY Offline
    yusf
    wrote on last edited by girish
    #1

    Wouldn't it be nice to have Cloudron audit user password for known leaked ones via haveibeenpwned.com or similar? As admins we need to protect users from themselves if they're using bad passwords.

    jdaviescoatesJ 1 Reply Last reply
    3
    • jdaviescoatesJ Offline
      jdaviescoatesJ Offline
      jdaviescoates
      replied to yusf on last edited by
      #2

      @yusf yes, I'd like to be able to force users to use strong passwords too (like I can in WordPress)

      I use Cloudron with Gandi & Hetzner

      yusfY 1 Reply Last reply
      0
      • yusfY Offline
        yusfY Offline
        yusf
        replied to jdaviescoates on last edited by
        #3

        @jdaviescoates That would be another great password-enhancing feature for sure. At this point I'd just be happy if users don't use pwned ones. 😆

        1 Reply Last reply
        1
        • girishG Offline
          girishG Offline
          girish Staff
          wrote on last edited by
          #4

          There's a nice API for HIBP - https://haveibeenpwned.com/API/v3 but it seems there is a fee as well, so we have to make it an optional feature.

          I would like to see something like https://github.com/dropbox/zxcvbn integrated (this is just a UI password strength checker).

          1 Reply Last reply
          2
          • ? Offline
            ? Offline
            A Former User
            wrote on last edited by
            #5

            How about:-

            How Secure is My Password for your own website
            https://github.com/howsecureismypassword/hsimp
            https://howsecureismypassword.net/

            1 Reply Last reply
            2
            • girishG Offline
              girishG Offline
              girish Staff
              wrote on last edited by
              #6

              @Hillside502 yeah, just noticed zxcvbn hasn't seen much activity in 3 years.

              1 Reply Last reply
              1
              • ? Offline
                ? Offline
                A Former User
                wrote on last edited by
                #7

                Firefox Monitor Server -- breach data is powered by haveibeenpwned
                https://github.com/mozilla/blurts-server
                https://monitor.firefox.com/

                1 Reply Last reply
                2

                • Login
                • Don't have an account? Register
                • Login or register to search.
                • First post
                  Last post
                0
                • Categories
                • Recent
                • Tags
                • Popular
                • Bookmarks
                • Search