Open leekelleher opened 1 year ago
Hi @leekelleher
The only thing that really matters here is length and encouraging the use of password managers and passphrases.
Complexity requirements and password expiry make people create systems that make password attacks easier (Fall2022! etc.). A sensible minimum requirement is 12+ characters, and give bonus points if people use something besides alphanumeric characters.
A strong feature would be to enable API access to something like HaveIBeenPwned to prevent people from using existing, leaked passwords. https://haveibeenpwned.com/API/v2
Kind regards Frederik
Idea summary
After reading Raymond Chen's blog post - Why is there a passwords.txt file on my system that's filled with somebody else's passwords? - I wondered if the passwords.txt could be leveraged when a user changes their password with the Umbraco backoffice.
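An added example, not from the thread and not Umbraco code: the checks raised above applied at password change, namely the 12-character minimum, a passwords.txt-style deny-list, and a breached-password lookup against a `SUFFIX:COUNT` body as served by the Pwned Passwords range (k-anonymity) endpoint. The function names, the case-insensitive deny-list match and all sample data are assumptions constructed for illustration.

```python
import hashlib

MIN_LENGTH = 12  # minimum suggested in the comment above

def load_deny_list(lines):
    """Build a case-insensitive deny-list from passwords.txt-style lines."""
    return {ln.strip().lower() for ln in lines if ln.strip()}

def sha1_prefix_suffix(password):
    """Split the uppercase SHA-1 hex digest into the 5-char prefix that would be
    sent to the range endpoint and the 35-char suffix compared only locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Look the suffix up in a range response body made of SUFFIX:COUNT lines."""
    _, suffix = sha1_prefix_suffix(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def check_password(password, deny_list, range_body):
    """Return the reasons to reject; an empty list means the password passes."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if password.lower() in deny_list:
        reasons.append("on_deny_list")
    if breach_count(password, range_body) > 0:
        reasons.append("seen_in_breach")
    return reasons

# Constructed sample data (not real breach data, not a real passwords.txt).
SAMPLE_DENY_LIST = load_deny_list(["123456\n", "password\n", "qwertyuiop123\n", "\n"])
_, _fall_suffix = sha1_prefix_suffix("Fall2022!")
SAMPLE_RANGE_BODY = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"   # constructed filler entry
    f"{_fall_suffix}:42\r\n"                        # constructed hit for Fall2022!
)

if __name__ == "__main__":
    for pw in ("Fall2022!", "QwertyUiop123", "correct horse battery staple"):
        print(repr(pw), check_password(pw, SAMPLE_DENY_LIST, SAMPLE_RANGE_BODY))
```

In a live deployment only the five-character prefix leaves the server; the range body for that prefix replaces `SAMPLE_RANGE_BODY`, and the suffix comparison stays local.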