Evaluate default threshold and add new example password(s)

Created on 5 December 2023, over 1 year ago

Problem/Motivation

The current default threshold of 10 is probably too low, and none of the current example passwords have a count anything like that low.

Steps to reproduce

drush ev 'print_r(cache_get("password_haveibeenpwned_password_threshold_examples"));'
stdClass Object
(
    [cid] => password_haveibeenpwned_password_threshold_examples
    [data] => Array
        (
            [qwerty] => 10584572
            [12345] => 2591854
            [monkey] => 1422866
            [admin] => 276638
            [cheese] => 270587
            [changeme] => 147401
            [dictionary] => 13630
            [!@#$%^&] => 1430
            [correcthorsebatterystaple] => 232
            [drupal] => 129
        )

Proposed resolution

Increase the threshold, add one or more example passwords with lower counts.

Remaining tasks

Any site that's submitted the admin form at least once will have the threshold stored in a variable.

Changing the default in the code won't update this.

Decide whether to add a hook_update_N() which updates the variable; if so, only do it if the variable has the current default value in it.

User interface changes

New examples will show up in the admin UI.

API changes

"Weaker" i.e. more commonly compromised passwords will start to trigger warnings / blocks as they surpass the threshold.

Data model changes

n/a
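The conditional update described under "Remaining tasks", sketched for a Drupal 7 `.install` file. This is an added example, not the module's own code: the variable name, the update number, the new default value, and the `password_haveibeenpwned` function prefix (inferred from the cache ID above) are all assumptions.

```php
<?php
// Added example, not the module's code. Names and values marked
// "hypothetical" or "placeholder" are assumptions, not taken from the module.
define('EXAMPLE_THRESHOLD_VARIABLE', 'password_haveibeenpwned_threshold'); // hypothetical name
define('EXAMPLE_OLD_DEFAULT', 10);  // current default, as stated in the issue
define('EXAMPLE_NEW_DEFAULT', 100); // placeholder; the issue does not name a value

/**
 * Returns the value to store, or NULL when the stored value must be left alone.
 *
 * @param mixed $stored
 *   Result of variable_get($name, NULL): NULL if the admin form was never saved.
 */
function example_threshold_migration($stored, $old_default, $new_default) {
  if ($stored === NULL) {
    // Nothing stored: the site already follows whatever default is in code.
    return NULL;
  }
  // Form submissions are stored as strings, so "10" has to match 10.
  // is_numeric() keeps values such as "10abc" from matching.
  if (is_numeric($stored) && $stored == $old_default) {
    return $new_default;
  }
  // Any other value was chosen deliberately by an administrator: keep it.
  return NULL;
}

/**
 * Raise the stored threshold only where it still holds the old default.
 *
 * The update number 7200 is hypothetical.
 */
function password_haveibeenpwned_update_7200() {
  $stored = variable_get(EXAMPLE_THRESHOLD_VARIABLE, NULL);
  $new = example_threshold_migration($stored, EXAMPLE_OLD_DEFAULT, EXAMPLE_NEW_DEFAULT);
  if ($new === NULL) {
    return t('Stored password threshold left unchanged.');
  }
  variable_set(EXAMPLE_THRESHOLD_VARIABLE, $new);
  return t('Password threshold raised from @old to @new.', array(
    '@old' => EXAMPLE_OLD_DEFAULT,
    '@new' => $new,
  ));
}
```

A site whose administrator saved the form without changing the value cannot be told apart from one that chose 10 on purpose; both are updated by this check.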

Type: Task
Status: Fixed
Version: 2.0
Component: Code
Created by: mcdruid (United Kingdom)
