What would be the best way (area in Kentico) to validate a user password at the point of registration against a list of known bad passwords, i.e. a blacklist (.txt file) of passwords from historic data breaches?
I would like to display a validation message indicating to the user that the password they have entered is too common/has been seen in recent data breaches and prevent the account being registered until a stronger/more unique password has been entered.
Example Blacklist
Top 100k Pwned Passwords list from Troy Hunt's Pwned Passwords database, recommended by the NCSC in the UK.
Unfortunately there is no event to hook into.
Are you using Portal Engine? If so, I'd recommend cloning the RegistrationForm web part and adjusting it to your needs: add your code to the private void btnRegister_Click method.
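One way to implement the check that the answer says to add to btnRegister_Click, as an added example that is not part of the original answer and is not Kentico's own code. The class name PasswordBlocklist, the file path, and the placeholders in the trailing comment are assumptions; only .NET base class library calls are used.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

// Added example, not Kentico code. Class name and file path are assumptions.
public static class PasswordBlocklist
{
    // Assumed location: one password per line, stored outside the web root
    // so the list itself cannot be downloaded.
    private const string BlocklistPath = @"C:\inetpub\data\PwnedPasswordsTop100k.txt";

    // Loaded once on first use; Lazy<T> makes the load thread-safe.
    // A missing file throws, so registration fails closed instead of
    // silently skipping the check.
    private static readonly Lazy<HashSet<string>> Entries =
        new Lazy<HashSet<string>>(() => Load(File.ReadLines(BlocklistPath)));

    // Builds the lookup set. OrdinalIgnoreCase is a policy choice made here:
    // case variants of a listed password are rejected too.
    public static HashSet<string> Load(IEnumerable<string> lines)
    {
        return new HashSet<string>(
            lines.Where(l => l.Length > 0),
            StringComparer.OrdinalIgnoreCase);
    }

    // True when the submitted password appears in the blocklist.
    public static bool IsBlocked(string password)
    {
        return !string.IsNullOrEmpty(password) && Entries.Value.Contains(password);
    }
}

// Inside the cloned web part's btnRegister_Click, before the account is created.
// "password" and ShowError are placeholders for the clone's own password value
// and error display:
//
//   if (PasswordBlocklist.IsBlocked(password))
//   {
//       ShowError("This password is too common or has appeared in a data breach. Please choose another.");
//       return;   // stop here so the account is not registered
//   }
```

The check runs server-side in the click handler, so it cannot be bypassed by disabling client-side validation; the rejected password should not be written to logs or event data.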