-
Type:
Change Request
-
Resolution: Unresolved
-
Priority:
Trivial
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
Hello,
I would be nice if we could level up our password checking process and check user passwords against https://haveibeenpwned.com/API/v3#PwnedPasswordsDownload
This is one of the largest leaked password database, much larger than /data/top_passwords.txt file in Zabbix.
This implementation should support offline options as well. No live external API calls.
The check should happen while creating password for new user or changing passwords for existing users.