Warn users when they use/save a vulnerable password #6452
Assignees
Labels
closed/duplicate
Issue has already been reported
design/needs-mock-up
needs-mockup A feature which needs design mockup to be implemented.
feature/password-manager
feature-request
Comments
fmarier
added
design/needs-mock-up
|
I like this idea. Even better if we can assist users in changing to better passwords, although that sounds complicated. |
|
Closing in favor of #12001. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We could make use of the HIBP Pwned Passwords API to warn users when they enter a vulnerable password in a password field or when they save one in the password manager.
1Password includes this functionality as part of their "Watchtower":
A vulnerable password is one that is present in the data dumps from one of the password leaks tracked by Have I Been Pwned.
This does not require a back-end service as long as we're comfortable with the k-anonymity guarantees of the public API.
The text was updated successfully, but these errors were encountered: