[keycloak-dev] Blacklist Password Policy
thomas.darimont at googlemail.com
Fri Jul 28 11:48:05 EDT 2017
I build a configurable Password Policy that allows to match a given
a blacklist with easy to guess passwords that should be not allowed as user
The 'BlacklistPasswordPolicyProvider' can be configured via the admin UI
with a ";" delimited list of easy to guess passwords.
If the user / or admin want's to change the password it is checked against
A password list can be found here:
A blacklist is of course not a perfect solution but could still be useful
for some users.
Password blacklist would be compiled to a trie at startup (and on changes
of the blacklist)
for efficient lookups.
More information about the keycloak-dev