Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Built-in password audit?

    Feature Requests
    feature-request password security
    4
    7
    68
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • yusf
      yusf last edited by girish

      Wouldn't it be nice to have Cloudron audit user password for known leaked ones via haveibeenpwned.com or similar? As admins we need to protect users from themselves if they're using bad passwords.

      jdaviescoates 1 Reply Last reply Reply Quote 4
      • jdaviescoates
        jdaviescoates @yusf last edited by

        @yusf yes, I'd like to be able to force users to use strong passwords too (like I can in WordPress)

        yusf 1 Reply Last reply Reply Quote 1
        • yusf
          yusf @jdaviescoates last edited by

          @jdaviescoates That would be another great password-enhancing feature for sure. At this point I'd just be happy if users don't use pwned ones. 😆

          1 Reply Last reply Reply Quote 1
          • girish
            girish Staff last edited by

            There's a nice API for HIBP - https://haveibeenpwned.com/API/v3 but it seems there is a fee as well, so we have to make it an optional feature.

            I would like to see something like https://github.com/dropbox/zxcvbn integrated (this is just a UI password strength checker).

            1 Reply Last reply Reply Quote 2
            • Hillside502
              Hillside502 last edited by

              How about:-

              How Secure is My Password for your own website
              https://github.com/howsecureismypassword/hsimp
              https://howsecureismypassword.net/

              1 Reply Last reply Reply Quote 2
              • girish
                girish Staff last edited by

                @Hillside502 yeah, just noticed zxcvbn hasn't seen much activity in 3 years.

                1 Reply Last reply Reply Quote 1
                • Hillside502
                  Hillside502 last edited by

                  Firefox Monitor Server -- breach data is powered by haveibeenpwned
                  https://github.com/mozilla/blurts-server
                  https://monitor.firefox.com/

                  1 Reply Last reply Reply Quote 2
                  • First post
                    Last post