Common Password Ban List


  • 4/7/2015

Last updated 4 years ago

Many users register with a common password ("password", "letmein", "1234567", etc.) or a guessable password (e.g. one that contains their username). This enhancement attempts to stop users from choosing known guessable passwords. In addition, it ensures that a user cannot reuse their username as a password.

Some analysis was done on recent password compromises (such as Gawker), and a list of common terms was extracted. This list is 240 items long and is visible in host->Lists, under the “banned password” node.

To verify this is working, attempt to register a new user with a password from this list, e.g. “password” or “1234567”. If such a password is chosen, the new account will not be created and a message explaining that the password is on a banned list will appear.

Note: as we support case-sensitive passwords, all common banned passwords are matched exactly.

The default items can be controlled via the host->Lists screen.

However, individual sites can add their own lists, which will be combined with the host list.
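The following sketch models the behaviour described above: the host and site lists are combined, entries are matched exactly, and the username is rejected as a password. It is an added illustration, not DNN's code; every name in it is hypothetical, the list entries are constructed samples, and treating the username rule as an exact comparison is an assumption. It also reports which simple case variants of banned entries an exact-match list does not cover, which is useful when reviewing a site list.

```python
# Added illustration, not DNN's implementation. All names are hypothetical.

# Constructed samples standing in for the 240-item host list.
HOST_BANNED = {"password", "letmein", "1234567"}
# Constructed site-level entries that are combined with the host list.
SITE_BANNED = {"acme2015", "Welcome1"}


def combined_ban_list(host_list, site_list):
    """Merge host-wide and site-specific entries into one lookup set."""
    return set(host_list) | set(site_list)


def check_password(username, password, banned):
    """Return (accepted, reason). Banned entries are matched exactly."""
    if password in banned:
        return False, "password is on the banned list"
    # Assumption: the username rule is an exact comparison as well.
    if password == username:
        return False, "password must not be the username"
    return True, "ok"


def uncovered_case_variants(banned):
    """Case variants of banned entries that an exact match lets through."""
    gaps = set()
    for entry in banned:
        for variant in (entry.lower(), entry.upper(), entry.capitalize()):
            if variant not in banned:
                gaps.add(variant)
    return sorted(gaps)


if __name__ == "__main__":
    banned = combined_ban_list(HOST_BANNED, SITE_BANNED)
    for user, pw in [("alice", "password"), ("alice", "Password"),
                     ("alice", "alice"), ("alice", "acme2015")]:
        print(user, repr(pw), check_password(user, pw, banned))
    print("not covered by exact match:", uncovered_case_variants(banned))
```

Entries reported by `uncovered_case_variants` can be added to the site list if a site wants those spellings rejected too.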
