Password check via haveibeenpwned

[WoodiE]

It would be great if there was an add-on for our forums that checked the users password during account creation and password change, against known breached passwords (checked against haveibeenpwned.com) and then suggests using something stronger.

A website https://toepoke.co.uk/user.aspx/create does this now using the above suggestion:


Just something to keep our forums and users a bit more secure.

 

[Ozzy47]

This addon by @DragonByte Tech has that feature, https://xenforo.com/community/threads/dbtech-dragonbyte-security-paid.116944/unread

 

[WoodiE]

Thanks @ozzy47, I'll reach out to @DragonByte Tech and double check as there is nothing in that resource that I seen that specifically mentions checking passwords on creations/reset for known breached passwords from haveibeenpwned or any other service.

 

[DragonByte Tech]

Thanks @ozzy47, I'll reach out to @DragonByte Tech and double check as there is nothing in that resource that I seen that specifically mentions checking passwords on creations/reset for known breached passwords from haveibeenpwned or any other service.

DB Security will execute a check against HIBP upon failed login. You can also manually run a check via the AdminCP


Fillip

 

[WoodiE]

So after PM'ing DragonByte I can confirm this addon does NOT do what I'm seeking. His addon only checks HIBP during a failed login.

I'm looking for something that will check a users password when a new user is registering or when an existing member is changing their password.

 

[Ozzy47]

Perhaps you can convince @DragonByte Tech to add those features to the addon.

 

[DragonByte Tech]

Perhaps you can convince @DragonByte Tech to add those features to the addon.

I will look into it once DBTech has moved to XF2, preparing the eCommerce mod for that move is taking up all of my time at the moment


Fillip

 

[WoodiE]

This request has been filled thanks to @Xon. Now forum owners to add this functionality for free using this addon - https://xenforo.com/community/resources/password-tools.4495/

@Alien

 

[Xon]

XF Error phrases hate on HTML, so I haven't yet figured out how to add a link telling the user what to-do.

 

[Alien]

This hasn't yet been made available for XF 2 right? If not, looking forward to it!

 

[WoodiE]

@Alien, I'm still running XF1 on my sites so @Xon developed for that first. Though I do believe his has every intention to creating a XF2 version as well (at least I really hope so).

 

[Alien]

Oh ok, cool.. I assumed since it was a Feb 2018 request, it was a request for 2.x+!

Look forward to it should that happen!

 

[WoodiE]

Oh ok, cool.. I assumed since it was a Feb 2018 request, it was a request for 2.x+!

Look forward to it should that happen!

I bet if a few bucks was thrown toward @Xon's general direction he'd probably be able to speed up the XF 2.0 version.

 

[Alien]

I bet if a few bucks was thrown toward @Xon's general direction he'd probably be able to speed up the XF 2.0 version.

Possible. Though I can think of an idea or two I may prefer to donate for first.