Built-in password audit?
-
Wouldn't it be nice to have Cloudron audit user password for known leaked ones via haveibeenpwned.com or similar? As admins we need to protect users from themselves if they're using bad passwords.
-
@yusf yes, I'd like to be able to force users to use strong passwords too (like I can in WordPress)
@jdaviescoates That would be another great password-enhancing feature for sure. At this point I'd just be happy if users don't use pwned ones.
-
There's a nice API for HIBP - https://haveibeenpwned.com/API/v3 but it seems there is a fee as well, so we have to make it an optional feature.
I would like to see something like https://github.com/dropbox/zxcvbn integrated (this is just a UI password strength checker).
-
How about:-
How Secure is My Password for your own website
https://github.com/howsecureismypassword/hsimp
https://howsecureismypassword.net/ -
Firefox Monitor Server -- breach data is powered by haveibeenpwned
https://github.com/mozilla/blurts-server
https://monitor.firefox.com/
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login