Pwned Passwords service in nodebb
-
There's this very nice service that can check if a password has already appeared in a database breach:
Have I Been Pwned: Pwned Passwords
Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised.
Are there any plugin that would integrate this in nodebb when users are registering or changing passwords?
-
NodeBB core has a setting to check a database of commonly used passwords. There's nothing for checking HIBP at the moment.
-
Nice! So even if pwned password is not used yet at least the developpers are aware of the issue and doing the next best thing.
-
Since this topic was created such plugin was actually created by someone (Ben Lubar to be exact): https://github.com/BenLubar/nodebb-plugin-pwned-passwords
I'm posting it here mostly because I haven't seen it posted anywhere on this forum, so now it will be easier to find
And also in case Duehok still wants it and didn't see that it exists.
