Pwned Passwords / Password Blacklist

Matt Fothergill asked on July 22, 2019 14:03

What would be the best way (area in Kentico) to validate a user password at the point of registration against a list of known bad passwords, i.e. a blacklist (.txt file) of passwords from historic data breaches?

I would like to display a validation message indicating to the user that the password they have entered is too common/has been seen in recent data breaches and prevent the account being registered until a stronger/more unique password has been entered.

Example Blacklist

Top 100k Pwned Passwords list from Troy Hunt's Pwned Passwords database, recommended by the NCSC in the UK.

Correct Answer

Roman Hutnyk answered on July 22, 2019 15:00

Unfortunately there is no event to hook into.

Are you using Portal Engine? If so, I'd recommend you clone the RegistrationForm web part and adjust it to your needs: add your code into the private void btnRegister_Click method.

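A sketch of the blacklist check that could be called from the cloned web part's btnRegister_Click handler before the account is created. This is an added example, not code from Kentico or from the answer above. The PasswordBlacklist class, its method names and the sample entries are hypothetical, and the list is assumed to be a text file with one password per line.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Added example: in-memory blacklist built from a one-password-per-line text source.
public sealed class PasswordBlacklist
{
    private readonly HashSet<string> _entries;

    private PasswordBlacklist(HashSet<string> entries) { _entries = entries; }

    // Reads one password per line and skips blank lines. Lines are not trimmed,
    // because leading or trailing spaces can be part of a password.
    // Matching is case-insensitive (a design choice of this example), so
    // "Password" is rejected when "password" is listed.
    public static PasswordBlacklist Load(TextReader reader)
    {
        var set = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        string line;
        while ((line = reader.ReadLine()) != null)
        {
            if (line.Length > 0) set.Add(line);
        }
        return new PasswordBlacklist(set);
    }

    // Loads the blacklist from a .txt file (path supplied by the caller).
    public static PasswordBlacklist LoadFile(string path)
    {
        using (var reader = new StreamReader(path)) return Load(reader);
    }

    public bool IsBlacklisted(string password)
    {
        return !string.IsNullOrEmpty(password) && _entries.Contains(password);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample standing in for the real blacklist file.
        var list = PasswordBlacklist.Load(new StringReader("123456\npassword\nqwerty\n"));
        foreach (var candidate in new[] { "Password", "correct horse battery staple" })
        {
            Console.WriteLine("{0}: {1}", candidate,
                list.IsBlacklisted(candidate) ? "rejected (found in blacklist)" : "accepted");
        }
    }
}
```

Load the list once, for example into a static field, rather than on every click, and run the check server-side in the click handler so it cannot be bypassed by disabling client-side validation.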