Module Description
This is a Drupal 8 module that adds a Pwned Passwords plugin to the D8 Password Policy module.
Have I Been Pwned
The plugin uses the Have I Been Pwned Passwords API.
To protect privacy, the API uses the k-Anonymity model. A SHA-1 hash of the password is created, and only the first 5 characters of the hash are sent to the API.
The API response is a list of matching SHA-1 hashes representing exposed passwords known to the service. The plugin then checks whether the full SHA-1 hash is in the list, without sending the full hash to the API.
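The range check described above, as an added example that is not the module's own code. The function names are hypothetical, the response body is constructed inline so no request is made, and the `SUFFIX:COUNT` line format is the one the Pwned Passwords range API returns.

```php
<?php
declare(strict_types=1);

// Split the uppercase SHA-1 hex digest into the 5-character prefix that is
// sent to the range API and the 35-character suffix that stays local.
function pwned_split_hash(string $password): array {
  $hash = strtoupper(sha1($password));
  return [substr($hash, 0, 5), substr($hash, 5)];
}

// Parse a range response body (one "SUFFIX:COUNT" per line) into an array of
// suffix => count. Lines that do not match the format are skipped.
function pwned_parse_range(string $body): array {
  $counts = [];
  foreach (preg_split('/\r\n|\n|\r/', trim($body)) as $line) {
    if (preg_match('/^([0-9A-Fa-f]{35}):(\d+)$/', trim($line), $m)) {
      $counts[strtoupper($m[1])] = (int) $m[2];
    }
  }
  return $counts;
}

// Number of times the password appears in the returned range. 0 means it was
// not found; a listed suffix with count 0 (padding entry) is also "not found".
function pwned_occurrences(string $password, string $body): int {
  [, $suffix] = pwned_split_hash($password);
  return pwned_parse_range($body)[$suffix] ?? 0;
}

// Constructed sample response for the prefix of "password": one unrelated
// suffix, the real suffix with a made-up count, a zero-count entry and a
// malformed line. A live caller would fetch this body from the range
// endpoint using only $prefix.
[$prefix, $suffix] = pwned_split_hash('password');
$body = implode("\r\n", [
  str_repeat('0', 34) . '1:3',
  $suffix . ':42',
  str_repeat('F', 35) . ':0',
  'not-a-valid-line',
]);

printf("Sent to the API: %s (the %d-character suffix stays local)\n", $prefix, strlen($suffix));
printf("'password' occurrences: %d\n", pwned_occurrences('password', $body));
printf("Unlisted password occurrences: %d\n", pwned_occurrences('correct horse battery staple', $body));
```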
Module Link
Project Usage
185
Security Covered
Covered By Security Advisory
Version Available
Production
Module Summary
This module aims to enhance security by checking passwords against a list of exposed passwords without compromising user privacy.
Data Name
password_policy_pwned