Common Password Ban List


  • 4/7/2015
Last updated 6 years ago

Many users register with a common password ("password", "letmein", "1234567", etc.) or a guessable password (e.g. one that contains their username). This enhancement attempts to stop users from using known guessable passwords. In addition, it ensures that users cannot reuse their username as a password.

Some analysis was done on recent password compromises (such as Gawker), and a list of common terms was extracted. This list is 240 items long and will be visible in host->Lists, under the “banned password” node.

To verify this is working, attempt to register a new user with a password from this list, e.g. “password” or “1234567”. If such a password is chosen, the new account will not be created and a message explaining that the password is on a banned list will appear.

Note: as we support case-sensitive passwords, all common banned passwords are matched exactly.

The default items can be controlled via the host->lists screen.

However, individual sites can add their own lists, which are combined with the host list.
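The two rules described above (exact match against the combined host and site lists, and no reuse of the username), sketched as an added example that is not the product's own code. All function names and the site list entries are hypothetical, and the username rule is assumed to be an exact comparison; the last helper shows which case variants an exact-match list lets through.

```python
from enum import Enum


class Verdict(Enum):
    OK = "ok"
    BANNED = "password is on the banned list"
    USERNAME = "password is the same as the username"


# Constructed sample data: the three host entries are the ones the article
# names; the site entries are invented for this example.
HOST_BANNED = ["password", "letmein", "1234567"]
SITE_BANNED = ["acme2015", "Welcome1"]


def combined_ban_list(host_items, site_items):
    """Host list plus the site's own list, as one set of exact strings."""
    return frozenset(host_items) | frozenset(site_items)


def check_password(username, password, banned):
    """Apply both rules from the article to a registration attempt.

    Assumption: the username rule is an exact comparison, like the list rule.
    """
    if password == username:
        return Verdict.USERNAME
    if password in banned:  # exact, case-sensitive match
        return Verdict.BANNED
    return Verdict.OK


def case_variants_accepted(candidates, banned):
    """Candidates that pass the exact match but differ from a banned entry
    only by letter case; useful when deciding what to add to a site list."""
    folded = {b.casefold() for b in banned}
    return [c for c in candidates
            if c not in banned and c.casefold() in folded]


if __name__ == "__main__":
    banned = combined_ban_list(HOST_BANNED, SITE_BANNED)
    for user, pw in [("alice", "password"), ("alice", "Password"),
                     ("alice", "alice"), ("alice", "acme2015")]:
        print(f"{user!r:8} {pw!r:12} -> {check_password(user, pw, banned).name}")
    print(case_variants_accepted(["Password", "LETMEIN", "zebra"], banned))
```

Because matching is exact, a site that wants to block "Password" as well as "password" has to list both spellings.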
