[keycloak-dev] Blacklist Password Policy

Thomas Darimont thomas.darimont at googlemail.com
Fri Jul 28 11:48:05 EDT 2017


I build a configurable Password Policy that allows to match a given
password against
a blacklist with easy to guess passwords that should be not allowed as user

The 'BlacklistPasswordPolicyProvider' can be configured via the admin UI
with a ";" delimited list of easy to guess passwords.

If the user / or admin want's to change the password it is checked against
the blacklist.
A password list can be found here:

A blacklist is of course not a perfect solution but could still be useful
for some users.

Password blacklist would be compiled to a trie at startup (and on changes
of the blacklist)
for efficient lookups.



More information about the keycloak-dev mailing list