Closed f0nkey closed 4 years ago
I considered removing common-password substrings, but that would penalize `battery` and `horse` from `correctbatteryhorsestaple`, which is considered a decent password!
Instead, I made it so `Validate` sees if the password matches 1:1 to a common one, and will tack on some text to the error, telling the user they should use an uncommon password.
Some common patterns are in the password list, such as variations of qwerty and asdf. https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-10000.txt
This article claims 99.8% of 6 million passwords sampled occur in the "top 10,000 passwords" list.
Need to embed most-common-passwords.txt into a Go file instead of ioutil.Reading it, and change length to 1 if it matches a password, before this is ready.
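An added example, in Go, of the exact-match check and the embed-instead-of-read approach described in the comment above; it is not the PR's code or the package's API. The six-entry list is a constructed stand-in for most-common-passwords.txt, and the names `IsCommonPassword`, `EffectiveLength`, `Validate`, the `minLen` parameter and the lazy `sync.Once` construction are my assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"sync"
)

// commonPasswordsData is a constructed stand-in for most-common-passwords.txt.
// In a real build the constant would be replaced by a string variable filled
// with `//go:embed most-common-passwords.txt`, so the list is compiled into the
// binary and nothing is read from disk at run time.
const commonPasswordsData = `123456
password
qwerty
asdfgh
correcthorsebatterystaple
letmein
`

var (
	commonOnce sync.Once
	commonSet  map[string]struct{}
)

// commonPasswords builds the lookup set on first use, so merely importing the
// package does not pay for a 10,000-entry map; only the first Validate call does.
func commonPasswords() map[string]struct{} {
	commonOnce.Do(func() {
		commonSet = make(map[string]struct{})
		for _, line := range strings.Split(commonPasswordsData, "\n") {
			if p := strings.TrimSpace(line); p != "" {
				commonSet[p] = struct{}{}
			}
		}
	})
	return commonSet
}

// IsCommonPassword reports whether pw appears verbatim (1:1) in the list.
// Substrings are deliberately not checked, so "battery" inside a longer
// passphrase is not penalized; only the exact string matches.
func IsCommonPassword(pw string) bool {
	_, ok := commonPasswords()[pw]
	return ok
}

// EffectiveLength is the length credited to pw for scoring: 1 when the
// password is itself a common password, otherwise its rune count.
func EffectiveLength(pw string) int {
	if IsCommonPassword(pw) {
		return 1
	}
	return len([]rune(pw))
}

// Validate returns "" for an acceptable password, otherwise an error message.
// A common password fails the length rule and also gets the extra hint text.
func Validate(pw string, minLen int) string {
	var msgs []string
	if EffectiveLength(pw) < minLen {
		msgs = append(msgs, fmt.Sprintf("password must be at least %d characters", minLen))
	}
	if IsCommonPassword(pw) {
		msgs = append(msgs, "this password appears in a list of commonly used passwords; choose an uncommon one")
	}
	return strings.Join(msgs, "; ")
}

func main() {
	for _, pw := range []string{"qwerty", "correcthorsebatterystaple", "correctbatteryhorsestaple"} {
		fmt.Printf("%-28s -> %q\n", pw, Validate(pw, 8))
	}
}
```

Note that the xkcd original `correcthorsebatterystaple` is in the sample list and is rejected, while the reordered `correctbatteryhorsestaple` passes: that is exactly the 1:1 rule in the comment, and the reason a substring check was not used.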
I applaud your efforts, but I feel we may be searching for a problem that doesn't exist. I don't love the idea of loading 10,000 strings into memory just by importing this package. Thanks for your efforts and I would love to see further contributions in the future. Maybe open an issue first so we can decide if it should be addressed before spending time coding!
Inspired by how bad pattern locks are on phones, I added some code to count continuous (or maybe contiguous) pattern lengths as 0.
If you swipe your finger across your keyboard, in any direction, along the red lines in this image, it will be length 0.
Please let me know which changes you'd like to see and if these additions are appropriate. Disallowing patterns may count as one of those stupid rules. :smiley:
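An added example, in Go, of the keyboard-walk rule described in the comment above; it is not the PR's code. The image is not on the page, so the layout coordinates, the adjacency test (horizontal, vertical and diagonal neighbours on a US QWERTY layout, with no key revisited inside a run), the minimum run of three keys, and the names `PatternRuns` and `LengthWithoutWalks` are my assumptions about what "continuous pattern" means.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// keyPos is a key's position on a US QWERTY layout. Rows are shifted
// horizontally so that diagonal neighbours (q->a, w->s, a->z) end up within
// one unit of each other while q->z (two rows apart) does not.
type keyPos struct{ x, y float64 }

// qwerty maps each key to its position. Assumed layout; shifted symbols are
// not modelled, and unknown characters simply break a run.
var qwerty = func() map[rune]keyPos {
	rows := []struct {
		keys   string
		offset float64
	}{
		{"1234567890-=", 0},
		{"qwertyuiop[]", 0.5},
		{"asdfghjkl;'", 0.75},
		{"zxcvbnm,./", 1.25},
	}
	m := make(map[rune]keyPos)
	for y, row := range rows {
		for x, r := range row.keys { // ASCII only, so the byte index is the column
			m[r] = keyPos{float64(x) + row.offset, float64(y)}
		}
	}
	return m
}()

// adjacent reports whether b is a different key touching a in any direction.
func adjacent(a, b rune) bool {
	pa, okA := qwerty[a]
	pb, okB := qwerty[b]
	if !okA || !okB || a == b {
		return false
	}
	return math.Abs(pa.x-pb.x) <= 1 && math.Abs(pa.y-pb.y) <= 1
}

// PatternRuns returns the keyboard walks in pw: maximal runs of at least
// minRun characters in which each key touches the previous one and no key
// repeats within the run (so "ses" is not a walk, but "qaz" and "qwerty" are).
func PatternRuns(pw string, minRun int) []string {
	rs := []rune(strings.ToLower(pw))
	var runs []string
	start := 0
	seen := map[rune]bool{}
	if len(rs) > 0 {
		seen[rs[0]] = true
	}
	for i := 1; i <= len(rs); i++ {
		if i == len(rs) || !adjacent(rs[i-1], rs[i]) || seen[rs[i]] {
			if i-start >= minRun {
				runs = append(runs, string(rs[start:i]))
			}
			start = i
			seen = map[rune]bool{}
			if i < len(rs) {
				seen[rs[i]] = true
			}
		} else {
			seen[rs[i]] = true
		}
	}
	return runs
}

// LengthWithoutWalks is the rune count of pw with every keyboard walk counted
// as zero, the scoring rule the comment above proposes.
func LengthWithoutWalks(pw string, minRun int) int {
	n := len([]rune(pw))
	for _, r := range PatternRuns(pw, minRun) {
		n -= len([]rune(r))
	}
	return n
}

func main() {
	for _, pw := range []string{"qwerty", "1qaz2wsx", "Password", "correctbatteryhorsestaple"} {
		fmt.Printf("%-28s walks=%v length=%d\n", pw, PatternRuns(pw, 3), LengthWithoutWalks(pw, 3))
	}
}
```

The no-revisit rule is what keeps ordinary words from being flagged: `correctbatteryhorsestaple` contains adjacent pairs such as `re`, `er` and `pl`, and the alternating `ses`, but no three-key walk, so it keeps its full length, while `1qaz2wsx` splits into two four-key walks and scores zero.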