Prevent users from using obvious passwords
Closed this issue · 1 comment
bkthomps commented
As recommended by NIST, disallow some or all of the following:
- Passwords obtained from previous breach corpuses.
- Dictionary words.
- Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).
- Context-specific words, such as the name of the service, the username, and derivatives thereof. (we already compare to username, but not to the name of the service)
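A sketch of how the four checks listed above could fit together, added here as an illustration; it is not this project's code. The function names, the run threshold of 4, the substitution table, the sample word lists and the service name `ExampleApp` used in testing are all assumptions.

```python
import re

# Constructed sample lists; a real deployment would load a breach corpus
# and a dictionary from files or a lookup service.
BREACHED = {"password1", "qwerty123", "letmein"}
DICTIONARY = {"sunshine", "dragon", "monkey"}

# Undo common character substitutions so "ex4mpl3" matches "example".
LEET = str.maketrans("013457@$!", "oieastasi")

MAX_RUN = 4  # assumed threshold: runs of this length or longer are rejected


def normalize(text):
    return text.lower().translate(LEET)


def has_repeat_run(password, run=MAX_RUN):
    # The same character repeated `run` or more times in a row.
    return re.search(r"(.)\1{%d,}" % (run - 1), password) is not None


def has_sequential_run(password, run=MAX_RUN):
    # Ascending or descending code points, e.g. "1234", "abcd", "dcba".
    for step in (1, -1):
        length = 1
        for prev, cur in zip(password, password[1:]):
            length = length + 1 if ord(cur) - ord(prev) == step else 1
            if length >= run:
                return True
    return False


def password_problems(password, username, service_name):
    """Return the list of rule names the password violates (empty if none)."""
    problems = []
    lowered = password.lower()
    if lowered in BREACHED:
        problems.append("breached")
    if lowered in DICTIONARY:
        problems.append("dictionary")
    if has_repeat_run(lowered) or has_sequential_run(lowered):
        problems.append("repetitive_or_sequential")
    plain = normalize(password)
    # Context-specific words and simple derivatives (case, substitutions).
    if any(w and normalize(w) in plain for w in (username, service_name)):
        problems.append("context_specific")
    return problems
```

Keyboard-order runs such as `qwerty` are not caught by the code-point check and would need their own table or a breach-list hit.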
bkthomps commented
Done.