spring-security

Provide Password (Compromised) Checking API

Open rwinch opened this issue 6 years ago • 0 comments

Summary

Password reuse is a serious problem for users and the source of many different hacks. It would be awesome if we could provide integration with https://haveibeenpwned.com to alert users if their password has been compromised.

Some ideas are that this check could be automated when authenticating a user, changing a password, etc.


After playing around a bit with the design of such an API, it has become clear that it should focus solely on checking if a password is compromised. It is not its intention for now to make a contextual check, like if a password has been reused, for example.

rwinch, Sep 06 '19 20:09