devise-pwned_password

Consider using unpwn to reduce API calls

Open eliotsykes opened this issue 5 years ago • 1 comments

Consider using the unpwn gem to check passwords locally https://github.com/indirect/unpwn

Unpwn checks passwords locally against the top one million passwords, as provided by the nbp project. Then, it uses the haveibeenpwned API to check proposed passwords against the largest corpus of publicly dumped passwords in the world.

As a bonus, if the haveibeenpwned API is down, at least there are still some checks applied.

eliotsykes, Sep 23 '19 15:09

Not a bad idea!

Too bad it would render use of the https://github.com/philnash/pwned library redundant. I feel like pwned is a more solid library, and certainly seems more configurable, so I'd personally prefer to keep using it (but my bias may be unfounded).

It seems pretty unlikely that the haveibeenpwned API would go down for a significant length of time...

TylerRick, Apr 28 '20 01:04
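The layered check discussed in this issue (local list first, then the haveibeenpwned range API, with the local result still standing if the API is unreachable) can be sketched as follows. This is an added example, not code from unpwn, pwned or devise-pwned_password; `check_password`, `COMMON_PASSWORDS` and the injectable `fetch_range` parameter are hypothetical names, and the four-entry list is a constructed stand-in for a real top-passwords list.

```ruby
require "digest"
require "net/http"
require "set"

# Constructed stand-in for a bundled top-passwords list (assumption: a real
# deployment would load a much larger list from disk).
COMMON_PASSWORDS = Set.new(%w[123456 password qwerty letmein]).freeze

# Default fetcher for the HIBP range API. Only the first 5 hex characters of
# the SHA-1 leave the host (k-anonymity); the response is "SUFFIX:COUNT" lines.
HIBP_RANGE = lambda do |prefix|
  uri = URI("https://api.pwnedpasswords.com/range/#{prefix}")
  Net::HTTP.start(uri.host, uri.port, use_ssl: true,
                  open_timeout: 2, read_timeout: 2) do |http|
    res = http.get(uri.request_uri)
    raise IOError, "HIBP returned #{res.code}" unless res.is_a?(Net::HTTPSuccess)
    res.body
  end
end

# Returns [verdict, source]. verdict is :pwned or :ok; source records which
# layer decided, so the caller can log or tighten policy when only the local
# list was consulted.
def check_password(password, fetch_range: HIBP_RANGE)
  # Layer 1: local lookup, no network call and no hash leaves the process.
  return [:pwned, :local_list] if COMMON_PASSWORDS.include?(password)

  # Layer 2: remote corpus, compared by hash suffix on our side.
  sha1 = Digest::SHA1.hexdigest(password).upcase
  prefix, suffix = sha1[0, 5], sha1[5..-1]
  body = fetch_range.call(prefix)
  hit = body.each_line.any? { |line| line.strip.split(":").first == suffix }
  hit ? [:pwned, :hibp] : [:ok, :hibp]
rescue StandardError
  # Timeout, DNS failure or non-2xx response: the remote layer was skipped,
  # so report that only the local list was applied.
  [:ok, :local_only]
end
```

A caller that treats `:local_only` the same as `:hibp` fails open during an outage; returning the source separately leaves that decision to the application.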