Hashing for fun and profit…

Nope, not cannabis, nor potato, but rather this:

Yup, password hashes in Sitecore. Unfortunately, they’re not all that secure – but they can be.


Check Users Passwords during Registration/Login

Troy Hunt has published the hashes of 306,000,000 passwords that have been breached, and exposed them as a web service.

https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/

Awesome!

This lets you tell a user if a given password has appeared in a breach. You send the service a hash of the password, and Troy’s web service responds if that hash has appeared in a breach.

Why is that useful? You can proactively inform users if their password has been breached (and recorded in Have I Been Pwned) at either registration or login. You may want to block users from using that password, or you could just warn them.
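A sketch of that registration/login check, added here as an example and not code from the original post. It assumes the service's range endpoint at `api.pwnedpasswords.com`, which is not named on this page and receives only the first five hex characters of the SHA-1 hash; the function names and the constructed offline response are hypothetical.

```python
import hashlib
import urllib.request

# Assumption: the service's range endpoint (not named on the page). It takes only
# the first 5 hex characters of the SHA-1 hash and returns "SUFFIX:COUNT" lines.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def fetch_range(prefix):
    """Live lookup: download every known hash suffix for a 5-character prefix."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("ascii")

def breach_count(password, fetch=fetch_range):
    """Number of times the password appears in the breach set (0 if absent)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def check_at_registration(password, fetch=fetch_range, block=False):
    """Return 'ok', 'warn' or 'block'; 'unchecked' if the lookup fails."""
    try:
        hits = breach_count(password, fetch)
    except (OSError, ValueError):
        return "unchecked"  # caller decides whether to fail open or closed
    if hits == 0:
        return "ok"
    return "block" if block else "warn"

def constructed_fetch(prefix):
    """Constructed offline response: pretends only 'password' was breached."""
    digest = sha1_hex("password")
    hit = digest[5:] + ":42\r\n" if prefix == digest[:5] else ""
    return "0" * 34 + "A:3\r\n" + hit  # first line is constructed filler

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", check_at_registration(pw, fetch=constructed_fetch))
```

The plaintext password and its full hash never leave the application: only the five-character prefix is sent, and the suffix comparison happens locally.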
