
Warning for often used passwords
Open, Wishlist, Public

Description

Use the API from https://haveibeenpwned.com/ to display the number of breaches of a password, when a user chooses it.

Something like an orange banner "This password is in 4865 breaches."

This should not be blocking (because a lot of passwords are breached already) but it's a nice addition.

There could be a link to the website too, called "read more" or something similar.

This could be done server-side to ensure anonymity or client-side to decrease the load, I'm not sure.

Event Timeline

CLOVIS triaged this task as Wishlist priority. Jan 17 2019, 5:06 PM
CLOVIS created this task.

I don't like the idea of transmitting user passwords to a third party.

Agreed, I could see this for emails maybe?

Info-Screen renamed this task from Warning for often used pasdwords to Warning for often used passwords. Jan 22 2019, 6:14 PM

AFAIK you send the hashed version of the password, so that shouldn't be too dangerous.
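
The lookup discussed in this thread, as an added example that is not part of the task or the project's code: the Pwned Passwords range API takes only the first five hex characters of the password's SHA-1 hash and returns every matching suffix with its count, so the comparison happens locally and a failed lookup simply shows no banner. The function names, the `example-client` User-Agent and the offline sample response (with the 4865 count borrowed from the banner text in the description) are constructed for illustration.

```python
import hashlib
import urllib.request
from typing import Callable, Optional

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint

def split_hash(password: str):
    """SHA-1 the password locally; return (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix: str) -> str:
    """Network call: only the 5-character prefix is ever put on the wire."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "example-client"},  # placeholder value (assumption)
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("utf-8")

def breach_count(suffix: str, range_body: str) -> int:
    """Look up our suffix among the 'SUFFIX:COUNT' lines of a range response."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def password_warning(password: str,
                     fetch: Callable[[str], str] = fetch_range) -> Optional[str]:
    """Return banner text, or None. Non-blocking: lookup failures yield no banner."""
    prefix, suffix = split_hash(password)
    try:
        count = breach_count(suffix, fetch(prefix))
    except OSError:  # URLError, timeouts and connection errors are OSError subclasses
        return None
    return f"This password is in {count} breaches." if count else None

def constructed_fetch(prefix: str) -> str:
    """Constructed offline response: two decoy suffixes plus the one for 'password'."""
    _, suffix = split_hash("password")
    return f"{'0' * 35}:3\r\n{suffix}:4865\r\n{'F' * 35}:1\r\n"

if __name__ == "__main__":
    print(password_warning("password", fetch=constructed_fetch))
```

Passing `fetch=constructed_fetch` keeps the run offline; the default `fetch_range` performs the real request.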