Skip to content
/ password_policy_pwned Public

A Drupal Password Policy that checks for occurrences in Pwned Passwords.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kimpepper/password_policy_pwned

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

config/schema

config/schema

 
 

src

src

 
 

tests/src/Functional

tests/src/Functional

 
 

README.md

README.md

 
 

password_policy_pwned.info.yml

password_policy_pwned.info.yml

 
 

password_policy_pwned.services.yml

password_policy_pwned.services.yml

 
 

Repository files navigation

password_policy_pwned

This is a Drupal 8 module that adds a exposed plugin to the D8 Password Policy module.

Providers

Have I Been Pwned

The plugin uses the Have I Been Pwned Passwords API. To protect privacy, the API uses the k-Anonymity model. A SHA-1 hash of the password is created, only the first 5 characters of the hash are sent to the API. The API response is a list of matching SHA1 hashes representing exposed passwords known to the service. The plugin then checks if the full SHA-1 is in the list, without sending the full hash to the API.

About

A Drupal Password Policy that checks for occurrences in Pwned Passwords.

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages