Open yunohost-bot opened 6 years ago
Since 3.3, passwords are tested against the list of the 100k most used passwords: https://github.com/YunoHost/yunohost/blob/stretch-unstable/data/other/password/100000-most-used.txt.gz
dunno if want to go further
Testing passwords against the most used passwords is really nice, I didn't know it was doing that :) Also, I agree with Bram's friend, testing against the haveibeenpwned database could be better. I'm really afraid my users are reusing their weak passwords. As it's the only wall between the internet and our data, I'll be a bit more reassured.
I know that nextcloud is doing this now https://nextcloud.com/blog/nextcloud-will-check-passwords-against-database-of-haveibeenpwned/
Just discovered zxcvbn, a tool designed to help check weak passwords and suggest better options.
Personally, I believe it could be nice that the password change/creation web interface displays some small explanations of what is a good password (e.g. a passphrase), to help users to orientate.
Original Redmine Issue: 1084
Author Name: Bram
From a friend:
That could be an interesting feature to include in YunoHost to enforce better passwords, in addition to other features already suggested to improve YunoHost passwords.
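The two checks discussed in this thread, combined in one added example (not part of the thread, and not YunoHost's or Nextcloud's code): a local most-used-list lookup followed by a haveibeenpwned-style range lookup that sends only the first five hex characters of the password's SHA-1. Assumptions: `fetch_range` stands in for an HTTP GET of `https://api.pwnedpasswords.com/range/<prefix>`; the function names, the sample list and the breached entry are constructed for the example.

```python
import gzip
import hashlib
import io

# Constructed sample data (not real breach data, not YunoHost's list)
SAMPLE_LIST_GZ = gzip.compress(b"123456\npassword\nqwerty\n")
_BREACHED = {"Summer2019!": 42}

def load_common_passwords(gz_bytes):
    """Set of passwords from a gzip-compressed, one-per-line list."""
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8", errors="replace") as fh:
        return {line.rstrip("\r\n") for line in fh if line.strip()}

def fake_fetch_range(prefix):
    """Offline stand-in for the range endpoint: returns SUFFIX:COUNT lines."""
    lines = ["0" * 35 + ":0"]  # constructed padding entry with count 0
    for pw, n in _BREACHED.items():
        h = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
        if h.startswith(prefix):
            lines.append(f"{h[5:]}:{n}")
    return "\r\n".join(lines)

def pwned_count(password, fetch_range):
    """Breach count for password; only the 5-char hash prefix is disclosed."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)  # padded entries carry a count of 0
    return 0

def check_password(password, common, fetch_range):
    """Return a rejection reason, or None when the password passes both checks."""
    if password in common:
        return "in the most-used password list"
    try:
        if pwned_count(password, fetch_range) > 0:
            return "found in a breach corpus"
    except OSError:
        pass  # policy choice here: lookup unreachable, rely on the local list only
    return None

if __name__ == "__main__":
    common = load_common_passwords(SAMPLE_LIST_GZ)
    for pw in ("password", "Summer2019!", "orbit-lantern-spruce-71"):
        print(pw, "->", check_password(pw, common, fake_fetch_range))
```

Running the local list first keeps the remote lookup off the path for the most common rejections, and the `OSError` branch makes explicit what happens on a self-hosted server with no outbound connectivity.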