Allow additional words to be added to the disallowed password dictionary
Problem
Per current NIST password recommendations, context-specific passwords should be disallowed - for example the application name, the site URL, etc.
Solution
I would like a password requirements option to define additional words that are not allowed in passwords - where I could add my company name, my company website, etc. These additional words could be checked against in the same way breached passwords are checked against when verifying a new password is valid.
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example, the list MAY include, but is not limited to:
Passwords obtained from previous breach corpuses.
Dictionary words.
Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).
Context-specific words, such as the name of the service, the username, and derivatives thereof.
Additional context
NIST recommendation - this is a subset of point 4, and an extension of ticket https://github.com/FusionAuth/fusionauth-issues/issues/2733:
Related
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
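A sketch of the check requested above, as an added example that is not FusionAuth code and not part of the original issue: it rejects a prospective password that contains a configured context-specific word, the username, or a simple derivative of either. The word list, the substitution table, the substring matching and the four-character minimum are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample values; a deployment would load these from its own configuration.
CONTEXT_WORDS = ["Example Corp", "example.com", "ExampleApp"]

# Assumed table of common character substitutions, undone before matching
# so that "3x@mpl3" is treated as a derivative of "example".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Case-fold, strip accents, undo substitutions, keep only a-z."""
    text = unicodedata.normalize("NFKD", text).casefold()
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return re.sub(r"[^a-z]", "", text.translate(LEET))


def blocked_terms(words, username="", min_len=4):
    """Build the normalized blocklist from configured words plus the username.

    Each entry contributes its whole form and its separator-delimited parts,
    so "example.com" also blocks "example". Parts shorter than min_len are
    skipped to avoid rejecting passwords over fragments such as "com".
    """
    terms = set()
    for word in list(words) + [username]:
        for part in [word] + re.split(r"[\W_]+", word):
            norm = normalize(part)
            if len(norm) >= min_len:
                terms.add(norm)
    return terms


def find_context_words(password, words, username=""):
    """Return the blocked terms found in the password; an empty list means it passes."""
    candidate = normalize(password)
    return sorted(t for t in blocked_terms(words, username) if t in candidate)


if __name__ == "__main__":
    for pw in ["Ex@mpl3C0rp2024!", "JDoe!winter", "purple-kettle-drives-north"]:
        hits = find_context_words(pw, CONTEXT_WORDS, "jdoe@example.com")
        print(pw, "->", "rejected: " + ", ".join(hits) if hits else "accepted")
```

Because matching is by substring on the normalized form, short or common blocklist entries will reject more passwords than intended, so the minimum length is the main tuning knob.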