ClassicPress Petitions
This is a read-only archive. Post or comment on the live version of this page on our forums.

Default Support for HIBP

September 16, 2018 · 12:24 · Dustin Snider
Description

People have a terrible habit of using the same password over and over and oftentimes have no clue the password they use isn’t safe anymore. It’s also a common oversight to add this by most creators. Add a setting to enable/disable, of course.

https://haveibeenpwned.com/API/v2

Tags
Request: Add feature
Discussion
Wade Striebel

I was chatting about this here: https://vote.classicpress.net/posts/39/please-add-enforce-strong-passwords-and-password-expiry-to-the-core

I think it is a great idea to support HIBP by default.

Dustin Snider

I’m generally of the mindset that if a plugin can handle it then it should, but this seems like an underlying added layer of security not only for the site itself but also the end user. I’m not one for bloating the core, hence why I came to ClassicPress.

Daniele Scasciafratte

Seems more like plugin territory, and it also creates a privacy issue because we share the user's email with a different server.

James Nylen

No, a correct implementation of HIBP does not share any information about the user or the password to a different server.

If we implement this, we need to think about what happens if HIBP goes down one day.

Otherwise I think this should be a core feature.
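
Added example, not part of the original thread or ClassicPress code: a sketch of a password check against the Pwned Passwords range endpoint, where only the first five hex characters of the password's SHA-1 hash are sent and the match is done locally, plus handling for the case where the service is unreachable. The function names, the `fail_open` policy and the sample response are assumptions made for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint

def split_hash(password):
    """Split the uppercase SHA-1 hex digest into a 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def http_fetch(prefix, timeout=3):
    """Network fetcher: the 5-character prefix is the only value sent."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, fetch=http_fetch):
    """Return the breach count, 0 if not listed, or None if the lookup failed."""
    prefix, suffix = split_hash(password)
    try:
        body = fetch(prefix)
    except OSError:  # URLError, timeouts and refused connections are all OSError
        return None
    for line in body.splitlines():  # each line is "SUFFIX:COUNT"
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def password_allowed(password, fetch=http_fetch, fail_open=True):
    """Policy hook. fail_open is an assumption: accept the password when HIBP is down."""
    count = breach_count(password, fetch)
    return fail_open if count is None else count == 0

if __name__ == "__main__":
    # Constructed response (made-up counts) so the demo runs offline.
    def sample_fetch(prefix):
        return "0" * 35 + ":3\r\n" + split_hash("password123")[1] + ":1234\r\n"

    def service_down(prefix):
        raise OSError("simulated outage")

    print(breach_count("password123", sample_fetch))
    print(password_allowed("password123", sample_fetch))
    print(password_allowed("password123", service_down))
```

Whether an outage should accept or reject the password is a site policy decision; the `fail_open` flag only makes that choice explicit.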