
Description
This plugin sets a default minimum password length of 10 characters, so that passwords are long enough to be hard to guess. However, it does not insist on any complexity rules, such as digits and special characters, as length is the most important thing when making a password hard to guess.
This plugin uses Troy Hunt’s Pwned Passwords API in order to check a user’s potential password against a corpus of breached passwords.
The password itself is never sent to any third party; only a partial hash is sent. This means that the password entered will always be private.
As an added bonus, this plugin also upgrades the hashing algorithm used when storing your password in the database. The stored value is a secure one-way hash created using the Bcrypt or Argon2 algorithm.
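
The length check and partial-hash lookup described above, sketched in PHP as an added example (not the plugin's own code). It assumes the plugin uses the Pwned Passwords SHA-1 range endpoint, where only the first five hex characters of the hash are sent; the function names and the sample response are constructed for illustration.

```php
<?php
// Added example: function names are hypothetical, not taken from the plugin.
const MIN_LENGTH = 10; // minimum length from the plugin description

// Split SHA-1(password): the 5-character prefix is the only part sent to the
// API; the 35-character suffix is compared locally.
function pwned_split_hash(string $password): array {
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

// Look for our suffix in a range response body ("SUFFIX:COUNT" per line).
// Returns the occurrence count, or 0 when the suffix is not listed.
function pwned_count_in_range(string $suffix, string $body): int {
    foreach (preg_split('/\r?\n/', trim($body)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) === 2 && strtoupper($parts[0]) === $suffix) {
            return (int) $parts[1];
        }
    }
    return 0;
}

// $fetch takes the prefix and returns the response body. In production it
// would GET https://api.pwnedpasswords.com/range/<prefix>; here it is a stub.
function password_rejection_reason(string $password, callable $fetch): ?string {
    $length = function_exists('mb_strlen') ? mb_strlen($password, 'UTF-8') : strlen($password);
    if ($length < MIN_LENGTH) {
        return 'shorter than ' . MIN_LENGTH . ' characters';
    }
    [$prefix, $suffix] = pwned_split_hash($password);
    $count = pwned_count_in_range($suffix, $fetch($prefix));
    return $count > 0 ? "found $count times in breach data" : null;
}

// Constructed sample response: one unrelated suffix plus the suffix of the
// demo password, in the format the range endpoint returns.
$stub = function (string $prefix): string {
    [, $suffix] = pwned_split_hash('password123456');
    return str_repeat('0', 35) . ":3\r\n" . $suffix . ":42\r\n";
};
foreach (['short', 'password123456', 'a long unseen passphrase'] as $candidate) {
    $reason = password_rejection_reason($candidate, $stub);
    echo $candidate, ' => ', $reason ?? 'accepted', PHP_EOL;
}
```

Because the match is done locally against every suffix returned for the prefix, the API never learns which of those hashes, if any, the site was checking.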
