Skip to content

Check new user passwords against database of pwned passwords #1798

Description

@nhoening

We have one password strength test: to be at least 8 characters long.

I suggest to try a feature in flask-security.

Add this to utils/config_defaults.py:

SECURITY_PASSWORD_CHECK_BREACHED = "best-effort" # will try to check https://api.pwnedpasswords.com

Then, add a new user, and when going to the reset-pwd dialgoue (check mail via mailhog for the link), try a password like "testtest" and see if that is flagged, and how the user sees that.

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions