[Ext. REQUEST] Registration Check Password if ';--pwned

Looking for an Extension? Have an Extension request? Post your request here for help. (Note: This forum is community supported; while there is an Extensions Development Team, said team does not dedicate itself to handling requests in this forum)
Suggested Hosts
User avatar
Mellx1
Registered User
Posts: 73
Joined: Fri Feb 08, 2019 7:45 am

[Ext. REQUEST] Registration Check Password if ';--pwned

Post by Mellx1 »

This just check the password on registration if the password input by the new member is breached, so new member may aware of their password.

https://haveibeenpwned.com/Passwords
Screenshot_2.jpg
You do not have the required permissions to view the files attached to this post.
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: [Ext. REQUEST] Registration Check Password if ';--pwned

Post by david63 »

Unless you intend to check the password/username/email combination it seems pointless as thier own site states that there are "hundreds of millions of real world passwords" - just checking a password on that list and then rejecting it would frustrate many users.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
danieltj
Infrastructure Team Member
Infrastructure Team Member
Posts: 690
Joined: Thu May 03, 2018 9:32 pm
Location: United Kingdom
Name: Daniel James

Re: [Ext. REQUEST] Registration Check Password if ';--pwned

Post by danieltj »

david63 wrote: Thu Jun 02, 2022 8:09 am Unless you intend to check the password/username/email combination it seems pointless as thier own site states that there are "hundreds of millions of real world passwords" - just checking a password on that list and then rejecting it would frustrate many users.
My thought process for this would be to check if a password appears in the list and if it does, let the user know and ask if they're sure they want to use it before an account is created or password is changed.

I would argue that most people re-use passwords, so the one time it returns a hit for a password that is complex and auto generated, you'll probably be fine to just use it.
MY EXTENSIONS:
Verified Profiles | API | Awesome Payments

Available for paid extension work.
HelpToTransfer
Registered User
Posts: 12
Joined: Tue May 12, 2015 9:41 am

Re: [Ext. REQUEST] Registration Check Password if ';--pwned

Post by HelpToTransfer »

Mellx1 wrote: Wed Jun 01, 2022 11:31 pm This just check the password on registration if the password input by the new member is breached, so new member may aware of their password.
i find this on github https://github.com/TenGbps/pwnedpasswordscheck
User avatar
SpIdErPiGgY
Registered User
Posts: 332
Joined: Sun May 02, 2021 2:11 pm
Location: Erpe-Mere, Aalst, BE
Name: Andy Dm

Re: [Ext. REQUEST] Registration Check Password if ';--pwned

Post by SpIdErPiGgY »

HelpToTransfer wrote: Wed Dec 04, 2024 9:11 pm
Mellx1 wrote: Wed Jun 01, 2022 11:31 pm This just check the password on registration if the password input by the new member is breached, so new member may aware of their password.
i find this on github https://github.com/TenGbps/pwnedpasswordscheck
And I posted a fix for Parse error: syntax error, unexpected variable "$result"

https://github.com/TenGbps/pwnedpasswordscheck/issues/1
Image
User avatar
warmweer
Jr. Extension Validator
Posts: 12113
Joined: Fri Jul 04, 2003 6:34 am
Location: somewhere in the space-time continuum

Re: [Ext. REQUEST] Registration Check Password if ';--pwned

Post by warmweer »

Relatively useless information.

I have 2 online testing boards on which I use different self-randomized passwords (10 characters) (I have to write them down, failing that I'ld constantly need to reset my PW).
About twice per month a password is flagged as breached yet never has my account been breached.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.

Return to “Extension Requests”