
Improve Compromised Password Sample

Open marcusdacoregio opened this issue 1 year ago • 0 comments

The sample is not ideal as it is currently for a couple of reasons:

  • It is not ideal that the user has to type their username for the reset password flow. They just authenticated and typed their password, so it is strange to have to type that again.
  • Since they also just typed their password, it would be ideal if it was not necessary to type the old password either.

We can change the sample to verify if the password is compromised during login and then flag the user account. With that flag we can show a warning asking the user to change their password.

marcusdacoregio, Jul 18 '24 12:07
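One way the flow proposed in the issue could look, as an added example that is not code from the sample or from the Spring Security project: a wrapper around the existing authentication provider that checks the presented password at login and flags the account instead of rejecting it. `FlaggingAuthenticationProvider`, its in-memory flag set and `isFlagged` are hypothetical names; `CompromisedPasswordChecker` is the Spring Security 6.3 interface.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

// Hypothetical class: not part of Spring Security or of the sample.
public class FlaggingAuthenticationProvider implements AuthenticationProvider {

    // The provider that really verifies the password, e.g. a DaoAuthenticationProvider.
    // It must not have its own CompromisedPasswordChecker set, otherwise it
    // rejects the login with CompromisedPasswordException instead of flagging.
    private final AuthenticationProvider delegate;
    private final CompromisedPasswordChecker checker;
    // Assumption: in-memory flag store; a real application would persist the flag per user.
    private final Set<String> flagged = ConcurrentHashMap.newKeySet();

    public FlaggingAuthenticationProvider(AuthenticationProvider delegate,
            CompromisedPasswordChecker checker) {
        this.delegate = delegate;
        this.checker = checker;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Authentication result = this.delegate.authenticate(authentication);
        // Read the password from the request token, which still carries it at this point.
        Object credentials = authentication.getCredentials();
        if (result != null && result.isAuthenticated() && credentials != null) {
            if (this.checker.check(credentials.toString()).isCompromised()) {
                this.flagged.add(result.getName()); // store the flag only, never the password
            } else {
                this.flagged.remove(result.getName()); // e.g. first login after a password change
            }
        }
        return result;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return this.delegate.supports(authentication);
    }

    // Used by the view layer to decide whether to show the change-password warning.
    public boolean isFlagged(String username) {
        return this.flagged.contains(username);
    }
}
```

Because the user is already authenticated when the warning is shown, the change-password form can take the username from the security context rather than asking for it again.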