Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Built-in password audit?

Scheduled Pinned Locked Moved Feature Requests
feature-requestpasswordsecurity
7 Posts 4 Posters 259 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • yusfY Offline
    yusfY Offline
    yusf
    wrote on last edited by girish
    #1

    Wouldn't it be nice to have Cloudron audit user password for known leaked ones via haveibeenpwned.com or similar? As admins we need to protect users from themselves if they're using bad passwords.

    jdaviescoatesJ 1 Reply Last reply
    3
  • jdaviescoatesJ Offline
    jdaviescoatesJ Offline
    jdaviescoates
    replied to yusf on last edited by
    #2

    @yusf yes, I'd like to be able to force users to use strong passwords too (like I can in WordPress)

    I use Cloudron with Gandi & Hetzner

    yusfY 1 Reply Last reply
    0
  • yusfY Offline
    yusfY Offline
    yusf
    replied to jdaviescoates on last edited by
    #3

    @jdaviescoates That would be another great password-enhancing feature for sure. At this point I'd just be happy if users don't use pwned ones. 😆

    1 Reply Last reply
    1
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #4

    There's a nice API for HIBP - https://haveibeenpwned.com/API/v3 but it seems there is a fee as well, so we have to make it an optional feature.

    I would like to see something like https://github.com/dropbox/zxcvbn integrated (this is just a UI password strength checker).

    1 Reply Last reply
    2
  • ? Offline
    ? Offline
    A Former User
    wrote on last edited by
    #5

    How about:-

    How Secure is My Password for your own website
    https://github.com/howsecureismypassword/hsimp
    https://howsecureismypassword.net/

    1 Reply Last reply
    2
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #6

    @Hillside502 yeah, just noticed zxcvbn hasn't seen much activity in 3 years.

    1 Reply Last reply
    1
  • ? Offline
    ? Offline
    A Former User
    wrote on last edited by
    #7

    Firefox Monitor Server -- breach data is powered by haveibeenpwned
    https://github.com/mozilla/blurts-server
    https://monitor.firefox.com/

    1 Reply Last reply
    2

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.