Prevent users from using a compromised password
Bug #1714606 reported by François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Libravatar (obsolete) | Confirmed | Wishlist | Unassigned | | |
Bug Description
Troy Hunt released a massive database of compromised passwords (hashed): https:/
These passwords can be assumed to be available in all of the password-cracking dictionaries and therefore should never be used, since they are trivial to crack.
Libravatar should use this database to
1. prevent users from registering a new account with one of these passwords,
2. prevent users from changing their password to one of these passwords, and
3. warn users who log into the site using one of these passwords and urge them to change their password.
More guidance in Troy's blog post: https:/
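
One way the three checks requested above could be wired together, as an added example that is neither Libravatar's code nor the reporter's. It assumes the hash list is a sorted file of uppercase SHA-1 hex digests, one per line; `is_compromised`, `password_policy` and the sample database are hypothetical names and constructed data.

```python
import hashlib
import io

RECORD = 41  # assumed layout: 40 hex chars of SHA-1 plus "\n" per line


def sha1_hex(password: str) -> bytes:
    # SHA-1 is only the lookup key for the published list,
    # never the way the site stores its own password hashes.
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return digest.upper().encode("ascii")


def is_compromised(password: str, hashes) -> bool:
    """Binary-search a seekable, sorted, fixed-width hash file."""
    target = sha1_hex(password)
    hashes.seek(0, io.SEEK_END)
    lo, hi = 0, hashes.tell() // RECORD
    while lo < hi:
        mid = (lo + hi) // 2
        hashes.seek(mid * RECORD)
        entry = hashes.read(RECORD - 1)
        if entry == target:
            return True
        if entry < target:
            lo = mid + 1
        else:
            hi = mid
    return False


def password_policy(event: str, password: str, hashes) -> str:
    """Return 'reject', 'warn' or 'ok' for the three cases in the bug."""
    if event not in ("register", "change", "login"):
        raise ValueError(f"unknown event: {event}")
    if not is_compromised(password, hashes):
        return "ok"
    # Login still succeeds so the user can reach the change-password form.
    return "warn" if event == "login" else "reject"


def build_sample_db(passwords) -> io.BytesIO:
    """Constructed stand-in for the real hash list (sorted, one per line)."""
    lines = sorted(sha1_hex(p) for p in passwords)
    return io.BytesIO(b"".join(h + b"\n" for h in lines))


SAMPLE_DB = build_sample_db(["password", "123456", "qwerty", "letmein"])
```

Because the lookup seeks within the file instead of loading it, the same function works on a multi-gigabyte list opened with `open(path, "rb")`.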