TheNerdlist / nerdlist

list of passwords more likely to be used by sysadmins, general nerds, and folk with access
MIT License

Should all Have I Been Pwned passwords be removed from the Nerdlist as duplicates? #63

Closed tarahmarie closed 4 years ago

tarahmarie commented 4 years ago

Passwords like "password" and "12345" are on HIBP as well, and even though they're anecdotally in use as admin passwords, to have them here is duplicating HIBP functionality.

How do folk feel about de-duping HIBP strings?

eanmeyer commented 4 years ago

Definitely de-dupe. I think this has way more value as a specific list than having a ton of overlap.

rstalets commented 4 years ago

I think it depends on the ultimate goal of the project. If the goal is to be an efficient password list, then probably yes. For example - I have a pending PR for "guest" because Archer. That's all over a bunch of other lists already, and if the goal is to be efficient then we clearly shouldn't be trying that. I mostly committed it because I watch a lot of Archer and I thought it was funny.

However, the way you framed the goal, or at least your intentions, for this project at WWHF makes me think no. The reason is this: Over time, HIBP is only going to grow, eventually encompassing most passwords that you may find here. That is going to result in a lot more "no" and may be counter to your hope of encouraging new folks to contribute to the community.

Learning tools are not necessarily efficient tools. Which do you want to be?

tarahmarie commented 4 years ago

I think the best way to go about this is to be inclusive and permit generally most passwords (I've actually removed one or two for being ableist even if they are valid) and to make sure that the silver coins only go to people who crack with passwords from the list that aren't duped in HIBP. That way all folk can contribute (and I just merged a PR using "guest" from Archer's mainframe, and there's no way that isn't on the HIBP list but OMG I love it).
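One way to tell which Nerdlist entries are already covered by HIBP is to check each candidate against Pwned Passwords with the k-anonymity range scheme (SHA-1 the password, send only the first five hex characters, compare the remaining 35 locally). The script below is an added example, not part of this repository; the range data is constructed inline so it runs offline, and `lookup_range` is a stand-in for the real `range/{prefix}` endpoint.

```python
import hashlib
from typing import Callable, Dict, Iterable, List, Tuple

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form Pwned Passwords uses for lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed offline stand-in for HIBP range responses: one "SUFFIX:COUNT" line per
# pwned hash sharing a 5-char prefix. The counts are made up; only the shape is real.
CONSTRUCTED_RANGES: Dict[str, List[str]] = {}
for _pw, _count in [("password", 3861493), ("12345", 2234), ("guest", 54321)]:
    _h = sha1_hex(_pw)
    CONSTRUCTED_RANGES.setdefault(_h[:5], []).append(f"{_h[5:]}:{_count}")

def lookup_range(prefix: str) -> List[str]:
    """Replace with an HTTP GET of range/{prefix} for live use; here it reads the sample."""
    return CONSTRUCTED_RANGES.get(prefix.upper(), [])

def pwned_count(password: str, fetch_range: Callable[[str], List[str]] = lookup_range) -> int:
    """Return how often HIBP has seen the password, or 0 if it is not in the range."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix):
        candidate, _, count = line.strip().partition(":")
        # A padded response may carry real-looking suffixes with count 0; treat those as absent.
        if candidate.upper() == suffix and count.isdigit() and int(count) > 0:
            return int(count)
    return 0

def dedupe_against_hibp(candidates: Iterable[str],
                        fetch_range: Callable[[str], List[str]] = lookup_range
                        ) -> Tuple[List[str], Dict[str, int]]:
    """Split a wordlist into entries HIBP does not know (kept) and ones it does (dropped)."""
    kept: List[str] = []
    dropped: Dict[str, int] = {}
    for pw in candidates:
        n = pwned_count(pw, fetch_range)
        if n:
            dropped[pw] = n
        else:
            kept.append(pw)
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = dedupe_against_hibp(["password", "12345", "guest", "only-on-nerdlist-example"])
    print("unique to the list:", kept)
    print("already in HIBP:", dropped)
```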

tarahmarie commented 4 years ago

I will leave this open for another two weeks but have already edited the rules in solutions.txt under /solutions to reflect this. If no further comments or counterproposals are offered, I will close then without comment.

rstalets commented 4 years ago

Glad you enjoyed it. For those who haven’t seen the show: https://youtu.be/UduILWi2p6s

Also shows up in a few other places in the series.

tarahmarie commented 4 years ago

Hah; I didn't see the username--that was you. Solid add :D

tarahmarie commented 4 years ago

Ok, no further thoughts on this--I'm closing as a will-not-fix because inclusivity and the solutions scenarios already exempt HIBP passwords from a victory condition.