Built-in password audit?
-
Wouldn't it be nice to have Cloudron audit user password for known leaked ones via haveibeenpwned.com or similar? As admins we need to protect users from themselves if they're using bad passwords.
-
@yusf yes, I'd like to be able to force users to use strong passwords too (like I can in WordPress)
-
@jdaviescoates That would be another great password-enhancing feature for sure. At this point I'd just be happy if users don't use pwned ones.
-
There's a nice API for HIBP - https://haveibeenpwned.com/API/v3 but it seems there is a fee as well, so we have to make it an optional feature.
I would like to see something like https://github.com/dropbox/zxcvbn integrated (this is just a UI password strength checker).
-
How about:-
How Secure is My Password for your own website
https://github.com/howsecureismypassword/hsimp
https://howsecureismypassword.net/
-
@Hillside502 yeah, just noticed zxcvbn hasn't seen much activity in 3 years.
-
Firefox Monitor Server -- breach data is powered by haveibeenpwned
https://github.com/mozilla/blurts-server
https://monitor.firefox.com/
