FoalTS / foal

Full-featured Node.js framework, with no complexity. 🚀 Simple and easy to use, TypeScript-based and well-documented.
https://foalts.org/
MIT License

@foal/password #1195

Closed lcnvdl closed 1 year ago

lcnvdl commented 1 year ago

Hi, how are you? I wanted to bring up this topic. I understand that the reason the @foal/password package was removed is that most common passwords were in English.

However, I was reading the OWASP top 10 "standard". Link: https://owasp.org/Top10/A00_2021_How_to_use_the_OWASP_Top_10_as_a_standard

What is OWASP? Explained in my words, it is a "community" security standard, accepted by many companies as a "basic security manual". From time to time they publish a top 10 of the vulnerabilities that most affect projects, and how to solve or mitigate them.

The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

The OWASP Top 10 is primarily an awareness document. However, this has not stopped organizations using it as a de facto industry AppSec standard since its inception in 2003. If you want to use the OWASP Top 10 as a coding or testing standard, know that it is the bare minimum and just a starting point.

In the Top 10, the "OWASP Top 10:2021 A07 Identification and Authentication Failures" caught my attention.

I marked in bold the point that caught my attention.

https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/

Description: (...) Permits default, weak, or well-known passwords, such as "Password1" or "admin/admin". (...)

And the How to prevent: (...) Implement weak password checks, such as testing new or changed passwords against the top 10,000 worst passwords list. (...)

My point is, that using this list is part of the top 10 of a standard accepted worldwide by many companies.

I think the cost of having @foal/password, along with the benefits it includes, is 100% worth it.

What do you think?

Thank you very much for reading

LoicPoullain commented 1 year ago

Hi @lcnvdl 👋

I'm ok to re-add the package. 👍 Do you want to submit the PR? The latest version of @foal/password can be found on the branch v2.x.

lcnvdl commented 1 year ago

Sure! I'll do it!

LoicPoullain commented 1 year ago

PR merged