Provide Password (Compromised) Checking API #7395

Closed
@rwinch

Description

@rwinch

Summary

Password reuse is a serious problem for users and the source of many different hacks. It would be awesome if we could provide integration with https://haveibeenpwned.com to alert users if their password has been compromised.

Some ideas are that this check could be automated when authenticating a user, changing a password, etc.


After playing around a bit with the design of such an API, it has become clear that it should focus solely on checking if a password is compromised. It is not its intention for now to make a contextual check, like if a password has been reused, for example.
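A sketch of the single-purpose check described above, added here as an illustration; it is not code from this issue or from Spring Security. The interface and class names are hypothetical, and it assumes the Pwned Passwords range format (send the first 5 hex characters of the SHA-1, receive `SUFFIX:COUNT` lines), with the response body constructed inline so it runs offline on Java 17+.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.function.Function;

public class CompromisedPasswordCheckExample {

    /** Hypothetical contract: answers only "is this password known to be compromised?" */
    interface PasswordBreachChecker {
        boolean isCompromised(String password);
    }

    /** Upper-case hex SHA-1 of the password (40 characters). */
    static String sha1Hex(String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().withUpperCase().formatHex(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 unavailable", e);
        }
    }

    /** Looks up the 35-character suffix in the range body fetched for the 5-character prefix. */
    static long breachCount(String password, Function<String, String> fetchRange) {
        String hash = sha1Hex(password);
        String body = fetchRange.apply(hash.substring(0, 5)); // only the prefix leaves the application
        String suffix = hash.substring(5);
        for (String line : body.split("\\R")) {
            String[] parts = line.trim().split(":");
            if (parts.length == 2 && parts[0].equalsIgnoreCase(suffix)) {
                return Long.parseLong(parts[1].trim());
            }
        }
        return 0;
    }

    public static void main(String[] args) {
        // Constructed stand-in for the remote service: one known prefix, made-up counts.
        String known = sha1Hex("password");
        String body = "0".repeat(34) + "A:3\r\n" + known.substring(5) + ":42\r\n";
        Function<String, String> fakeRange =
                prefix -> prefix.equals(known.substring(0, 5)) ? body : "";

        PasswordBreachChecker checker = pw -> breachCount(pw, fakeRange) > 0;
        System.out.println("prefix sent: " + known.substring(0, 5));
        System.out.println("password -> " + checker.isCompromised("password"));
        System.out.println("passphrase -> " + checker.isCompromised("correct horse battery staple"));
    }
}
```

In a real integration `fakeRange` would be replaced by an HTTP call, and the caller decides what a positive result means (reject on password change, warn on login).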

Labels

in: core (An issue in spring-security-core)
type: enhancement (A general enhancement)
